Malware analysis https://cdn.iobit.com/dl/iobituninstaller.exe Malicious activity

Add for printing

URL:	https://cdn.iobit.com/dl/iobituninstaller.exe
Full analysis:	https://app.any.run/tasks/b2b8ee8d-9339-47e2-aa29-77d6ba9d2600
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	March 01, 2024, 21:19:51
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	loader evasion
Indicators:
MD5:	B23B19871E48657AD49DCF9C3F205082
SHA1:	F9B12C734B654CAA0805C58E4EF1E97A50D83228
SHA256:	AB4FE9B7EFE31BE56E432B0EFB1FADFFCA177230D907CF2D292D47145229DA18
SSDEEP:	3:N8coPawelXLNn:2czwelXLN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 240 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 180 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - iobituninstaller.exe (PID: 1696)
  - iobituninstaller.tmp (PID: 1740)
  - iobituninstaller.exe (PID: 3516)
  - iobituninstaller.exe (PID: 1236)
  - iushrun.exe (PID: 2060)
  - iobituninstaller.tmp (PID: 1808)
  - CrRestore.exe (PID: 1892)
  - IObitDownloader.exe (PID: 2068)
  - AutoUpdate.exe (PID: 324)
  - iTopSetup.exe.exe (PID: 1192)
  - UninstallMonitor.exe (PID: 2376)
  - iTop Data Recovery_Setup_IU.exe (PID: 3300)
  - iTopSetup.exe.tmp (PID: 1196)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - ugin.exe (PID: 4000)
  - atud.exe (PID: 3640)
  - Autoupdate.exe (PID: 1852)
- Registers / Runs the DLL via REGSVR32.EXE
  - iush.exe (PID: 980)
  - IObitUninstaler.exe (PID: 2588)
- Steals credentials from Web Browsers
  - IObitUninstaler.exe (PID: 2588)
  - iTopVPN.exe (PID: 876)
- Actions looks like stealing of personal data
  - IObitUninstaler.exe (PID: 2588)
  - iTopVPN.exe (PID: 876)
- Runs injected code in another process
  - icop32.exe (PID: 2804)
  - ICONPIN32.exe (PID: 1216)
- Application was injected by another process
  - explorer.exe (PID: 1164)
SUSPICIOUS
- Executable content was dropped or overwritten
  - iobituninstaller.exe (PID: 1696)
  - iobituninstaller.tmp (PID: 1740)
  - iobituninstaller.exe (PID: 3516)
  - iobituninstaller.exe (PID: 1236)
  - iobituninstaller.tmp (PID: 1808)
  - iushrun.exe (PID: 2060)
  - CrRestore.exe (PID: 1892)
  - AutoUpdate.exe (PID: 324)
  - iTopSetup.exe.tmp (PID: 1196)
  - iTopSetup.exe.exe (PID: 1192)
  - UninstallMonitor.exe (PID: 2376)
  - IObitDownloader.exe (PID: 2068)
  - iTop Data Recovery_Setup_IU.exe (PID: 3300)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - ugin.exe (PID: 4000)
  - atud.exe (PID: 3640)
  - Autoupdate.exe (PID: 1852)
- Reads security settings of Internet Explorer
  - iobituninstaller.tmp (PID: 1740)
  - iobituninstaller.tmp (PID: 1808)
  - iush.exe (PID: 980)
  - DSPut.exe (PID: 968)
  - Setup.exe (PID: 2072)
  - IObitUninstaler.exe (PID: 2588)
  - AUpdate.exe (PID: 1172)
  - IObitDownloader.exe (PID: 2068)
  - iTopSetup.exe.tmp (PID: 1196)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - IdrInit.exe (PID: 3544)
  - ugin.exe (PID: 4000)
  - iTopDataRecovery.exe (PID: 2984)
  - iTopVPN.exe (PID: 876)
- Reads the Windows owner or organization settings
  - iobituninstaller.tmp (PID: 1740)
  - iobituninstaller.tmp (PID: 1808)
  - iTopSetup.exe.tmp (PID: 1196)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
- Reads the Internet Settings
  - iobituninstaller.tmp (PID: 1740)
  - iobituninstaller.tmp (PID: 1808)
  - iush.exe (PID: 980)
  - DSPut.exe (PID: 968)
  - Setup.exe (PID: 2072)
  - IObitUninstaler.exe (PID: 2588)
  - AUpdate.exe (PID: 1172)
  - IObitDownloader.exe (PID: 2068)
  - iTopSetup.exe.tmp (PID: 1196)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - ugin.exe (PID: 4000)
  - IdrInit.exe (PID: 3544)
  - iTopDataRecovery.exe (PID: 2984)
  - iTopVPN.exe (PID: 876)
  - iTopVPNMini.exe (PID: 2908)
- Searches for installed software
  - iobituninstaller.tmp (PID: 1808)
  - iush.exe (PID: 980)
  - DSPut.exe (PID: 968)
  - CrRestore.exe (PID: 1892)
  - IObitUninstaler.exe (PID: 2588)
  - UninstallMonitor.exe (PID: 2376)
  - IObitDownloader.exe (PID: 2068)
  - iush.exe (PID: 3292)
  - AutoUpdate.exe (PID: 324)
  - UninstallMonitor.exe (PID: 844)
  - iTopVPN.exe (PID: 876)
- Process drops SQLite DLL files
  - iobituninstaller.tmp (PID: 1808)
  - iTopSetup.exe.tmp (PID: 1196)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
- Drops a system driver (possible attempt to evade defenses)
  - iobituninstaller.tmp (PID: 1808)
  - iTopSetup.exe.tmp (PID: 1196)
  - ugin.exe (PID: 4000)
- Creates/Modifies COM task schedule object
  - regsvr32.exe (PID: 680)
  - regsvr32.exe (PID: 1772)
  - regsvr32.exe (PID: 2736)
- Executes as Windows Service
  - IUService.exe (PID: 2336)
  - IDRService.exe (PID: 3912)
- Creates a software uninstall entry
  - iush.exe (PID: 980)
- Reads the date of Windows installation
  - iush.exe (PID: 980)
  - IObitUninstaler.exe (PID: 2588)
  - UninstallMonitor.exe (PID: 2376)
  - UninstallMonitor.exe (PID: 844)
- Process requests binary or script from the Internet
  - IObitDownloader.exe (PID: 2068)
  - AutoUpdate.exe (PID: 324)
- Process drops legitimate windows executable
  - iTopSetup.exe.tmp (PID: 1196)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
- Uses TASKKILL.EXE to kill process
  - iTopSetup.exe.tmp (PID: 1196)
- The process verifies whether the antivirus software is installed
  - IObitUninstaler.exe (PID: 2588)
  - iTopVPN.exe (PID: 876)
- Starts SC.EXE for service management
  - cmd.exe (PID: 3212)
  - cmd.exe (PID: 1092)
  - cmd.exe (PID: 3724)
  - cmd.exe (PID: 2148)
  - cmd.exe (PID: 3684)
  - cmd.exe (PID: 2728)
  - cmd.exe (PID: 2556)
  - cmd.exe (PID: 1352)
  - cmd.exe (PID: 2452)
  - cmd.exe (PID: 1728)
  - cmd.exe (PID: 3832)
  - cmd.exe (PID: 764)
- Starts CMD.EXE for commands execution
  - ugin.exe (PID: 4000)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - iTopVPN.exe (PID: 876)
- Application launched itself
  - ugin.exe (PID: 4000)
- Process uses IPCONFIG to clear DNS cache
  - cmd.exe (PID: 2820)
  - cmd.exe (PID: 1992)
- Checks for external IP
  - ugin.exe (PID: 4000)
  - UninstallInfo.exe (PID: 3444)
  - unpr.exe (PID: 3044)
  - iTopVPN.exe (PID: 876)
  - aud.exe (PID: 3420)
- Connects to unusual port
  - iTopVPN.exe (PID: 876)
INFO
- Executable content was dropped or overwritten
  - iexplore.exe (PID: 3692)
  - iexplore.exe (PID: 3672)
- Reads security settings of Internet Explorer
  - explorer.exe (PID: 1164)
- The process uses the downloaded file
  - iexplore.exe (PID: 3672)
- Drops the executable file immediately after the start
  - iexplore.exe (PID: 3692)
  - iexplore.exe (PID: 3672)
- Modifies the phishing filter of IE
  - iexplore.exe (PID: 3672)
- Application launched itself
  - iexplore.exe (PID: 3672)
  - msedge.exe (PID: 3516)
  - msedge.exe (PID: 2320)
- Checks supported languages
  - iobituninstaller.exe (PID: 1696)
  - Setup.exe (PID: 2072)
  - iobituninstaller.tmp (PID: 2860)
  - iobituninstaller.exe (PID: 3516)
  - iobituninstaller.tmp (PID: 1740)
  - iobituninstaller.tmp (PID: 1808)
  - iushrun.exe (PID: 2060)
  - iobituninstaller.exe (PID: 1236)
  - iush.exe (PID: 980)
  - DSPut.exe (PID: 968)
  - CrRestore.exe (PID: 1892)
  - IUService.exe (PID: 2336)
  - IObitUninstaler.exe (PID: 2588)
  - UninstallPromote.exe (PID: 448)
  - UninstallMonitor.exe (PID: 2376)
  - IObitDownloader.exe (PID: 2068)
  - iush.exe (PID: 3292)
  - AutoUpdate.exe (PID: 324)
  - iTopSetup.exe.exe (PID: 1192)
  - AUpdate.exe (PID: 1172)
  - iTopSetup.exe.tmp (PID: 1196)
  - ugin.exe (PID: 3576)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - ugin.exe (PID: 3008)
  - iTop Data Recovery_Setup_IU.exe (PID: 3300)
  - ugin.exe (PID: 2016)
  - ullc.exe (PID: 2896)
  - ugin.exe (PID: 4000)
  - iTopVPN.exe (PID: 2692)
  - iTopInsur.exe (PID: 3264)
  - LocalLang.exe (PID: 1368)
  - IdrInit.exe (PID: 3544)
  - UninstallInfo.exe (PID: 3444)
  - icop32.exe (PID: 2804)
  - iTopInsur.exe (PID: 2384)
  - ugin.exe (PID: 3136)
  - ICONPIN32.exe (PID: 1216)
  - UninstallMonitor.exe (PID: 844)
  - AUpdate.exe (PID: 1316)
  - iTopDataRecovery.exe (PID: 2984)
  - AUpdate.exe (PID: 3456)
  - IDRService.exe (PID: 3912)
  - Autoupdate.exe (PID: 1852)
  - iTopVPN.exe (PID: 876)
  - ugin.exe (PID: 2852)
  - ugin.exe (PID: 2548)
  - unpr.exe (PID: 3044)
  - aud.exe (PID: 884)
  - atud.exe (PID: 3640)
  - aud.exe (PID: 3420)
  - iTopVPNMini.exe (PID: 2908)
  - aud.exe (PID: 848)
  - Newfts.exe (PID: 2792)
- Create files in a temporary directory
  - iobituninstaller.exe (PID: 1696)
  - iobituninstaller.exe (PID: 3516)
  - iobituninstaller.tmp (PID: 1740)
  - iobituninstaller.exe (PID: 1236)
  - iobituninstaller.tmp (PID: 1808)
  - Setup.exe (PID: 2072)
  - iushrun.exe (PID: 2060)
  - IObitUninstaler.exe (PID: 2588)
  - iTopSetup.exe.tmp (PID: 1196)
  - iTopSetup.exe.exe (PID: 1192)
  - iTop Data Recovery_Setup_IU.exe (PID: 3300)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - icop32.exe (PID: 2804)
  - explorer.exe (PID: 1164)
  - ICONPIN32.exe (PID: 1216)
  - iTopVPN.exe (PID: 876)
  - SecEdit.exe (PID: 3800)
  - SecEdit.exe (PID: 1632)
- Reads the computer name
  - iobituninstaller.tmp (PID: 1740)
  - Setup.exe (PID: 2072)
  - iobituninstaller.tmp (PID: 2860)
  - iobituninstaller.tmp (PID: 1808)
  - iushrun.exe (PID: 2060)
  - iush.exe (PID: 980)
  - DSPut.exe (PID: 968)
  - CrRestore.exe (PID: 1892)
  - IUService.exe (PID: 2336)
  - UninstallPromote.exe (PID: 448)
  - IObitUninstaler.exe (PID: 2588)
  - UninstallMonitor.exe (PID: 2376)
  - IObitDownloader.exe (PID: 2068)
  - iush.exe (PID: 3292)
  - AUpdate.exe (PID: 1172)
  - AutoUpdate.exe (PID: 324)
  - iTopSetup.exe.tmp (PID: 1196)
  - ugin.exe (PID: 3576)
  - ugin.exe (PID: 3008)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - ugin.exe (PID: 2016)
  - iTopVPN.exe (PID: 2692)
  - ugin.exe (PID: 4000)
  - iTopInsur.exe (PID: 3264)
  - IdrInit.exe (PID: 3544)
  - iTopInsur.exe (PID: 2384)
  - UninstallInfo.exe (PID: 3444)
  - ugin.exe (PID: 3136)
  - UninstallMonitor.exe (PID: 844)
  - IDRService.exe (PID: 3912)
  - iTopDataRecovery.exe (PID: 2984)
  - Autoupdate.exe (PID: 1852)
  - AUpdate.exe (PID: 1316)
  - iTopVPN.exe (PID: 876)
  - unpr.exe (PID: 3044)
  - ugin.exe (PID: 2852)
  - AUpdate.exe (PID: 3456)
  - ugin.exe (PID: 2548)
  - atud.exe (PID: 3640)
  - aud.exe (PID: 884)
  - aud.exe (PID: 3420)
  - iTopVPNMini.exe (PID: 2908)
  - Newfts.exe (PID: 2792)
  - aud.exe (PID: 848)
- Creates files in the program directory
  - iushrun.exe (PID: 2060)
  - Setup.exe (PID: 2072)
  - iush.exe (PID: 980)
  - iobituninstaller.tmp (PID: 1808)
  - DSPut.exe (PID: 968)
  - CrRestore.exe (PID: 1892)
  - UninstallPromote.exe (PID: 448)
  - IObitDownloader.exe (PID: 2068)
  - AutoUpdate.exe (PID: 324)
  - IObitUninstaler.exe (PID: 2588)
  - iTopSetup.exe.tmp (PID: 1196)
  - ugin.exe (PID: 2016)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - iTopVPN.exe (PID: 2692)
  - ugin.exe (PID: 4000)
  - iTopInsur.exe (PID: 3264)
  - UninstallInfo.exe (PID: 3444)
  - AUpdate.exe (PID: 1316)
  - Autoupdate.exe (PID: 1852)
  - IDRService.exe (PID: 3912)
  - iTopDataRecovery.exe (PID: 2984)
  - unpr.exe (PID: 3044)
  - ugin.exe (PID: 2852)
  - atud.exe (PID: 3640)
  - iTopVPN.exe (PID: 876)
- Creates files or folders in the user directory
  - Setup.exe (PID: 2072)
  - CrRestore.exe (PID: 1892)
  - iush.exe (PID: 980)
  - UninstallPromote.exe (PID: 448)
  - UninstallMonitor.exe (PID: 2376)
  - IObitDownloader.exe (PID: 2068)
  - IObitUninstaler.exe (PID: 2588)
  - AUpdate.exe (PID: 1172)
  - AutoUpdate.exe (PID: 324)
  - ugin.exe (PID: 3576)
  - iTopInsur.exe (PID: 3264)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
  - iTopVPN.exe (PID: 2692)
  - explorer.exe (PID: 1164)
  - Autoupdate.exe (PID: 1852)
  - iTopSetup.exe.tmp (PID: 1196)
  - atud.exe (PID: 3640)
  - iTopVPN.exe (PID: 876)
  - iTopVPNMini.exe (PID: 2908)
- Creates a software uninstall entry
  - iobituninstaller.tmp (PID: 1808)
  - iTopSetup.exe.tmp (PID: 1196)
  - iTop Data Recovery_Setup_IU.tmp (PID: 3536)
- Reads the machine GUID from the registry
  - iush.exe (PID: 980)
  - DSPut.exe (PID: 968)
  - IObitUninstaler.exe (PID: 2588)
  - UninstallMonitor.exe (PID: 2376)
  - AUpdate.exe (PID: 1172)
  - iTopVPN.exe (PID: 2692)
  - ugin.exe (PID: 4000)
  - icop32.exe (PID: 2804)
  - AUpdate.exe (PID: 1316)
  - ICONPIN32.exe (PID: 1216)
  - unpr.exe (PID: 3044)
  - AUpdate.exe (PID: 3456)
  - Autoupdate.exe (PID: 1852)
  - aud.exe (PID: 3420)
  - atud.exe (PID: 3640)
  - aud.exe (PID: 884)
  - iTopVPN.exe (PID: 876)
  - aud.exe (PID: 848)
  - iTopVPNMini.exe (PID: 2908)
- Checks proxy server information
  - DSPut.exe (PID: 968)
  - AUpdate.exe (PID: 1172)
- Process checks Internet Explorer phishing filters
  - iTopVPN.exe (PID: 876)
- Process checks whether UAC notifications are on
  - iTopVPN.exe (PID: 876)
- Manual execution by a user
  - msedge.exe (PID: 2320)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

183

Monitored processes

117

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

324

"C:\Program Files\IObit\IObit Uninstaller\AutoUpdate.exe" /Nomal

C:\Program Files\IObit\IObit Uninstaller\AutoUpdate.exe

IObitUninstaler.exe

User:

admin

Company:

IObit

Integrity Level:

HIGH

Description:

Autoupdate

Exit code:

Version:

13.0.0.100

Modules

Images
c:\program files\iobit\iobit uninstaller\autoupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\iobit uninstaller\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

324

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1600 --field-trial-handle=1212,i,7887629754303419756,7248407712059946144,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

392

cmd.exe /c ping www.google.com

C:\Windows\System32\cmd.exe

—

iTopVPN.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

448

"C:\Program Files\IObit\IObit Uninstaller\UninstallPromote.exe" /INSTALL un13

C:\Program Files\IObit\IObit Uninstaller\UninstallPromote.exe

iobituninstaller.tmp

User:

admin

Company:

IObit

Integrity Level:

HIGH

Description:

UnistallPromote

Exit code:

Version:

2.0.0.306

Modules

Images
c:\program files\iobit\iobit uninstaller\uninstallpromote.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

448

sc stop iTopDataRecoveryService4

C:\Windows\System32\sc.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

A tool to aid in developing services for WindowsNT

Exit code:

1060

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

680

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\IObit\IObit Uninstaller\IUMenuRight.dll"

C:\Windows\System32\regsvr32.exe

iush.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

748

sc stop windivert

C:\Windows\System32\sc.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

A tool to aid in developing services for WindowsNT

Exit code:

1060

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

748

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1212,i,7887629754303419756,7248407712059946144,131072 /prefetch:2

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

764

"C:\Windows\System32\cmd.exe" /c sc description iTopDataRecoveryService4 "iTop Data Recovery Service"

C:\Windows\System32\cmd.exe

—

iTop Data Recovery_Setup_IU.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

844

"C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe" /srvupt

C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe

—

IUService.exe

User:

admin

Company:

IObit

Integrity Level:

HIGH

Description:

UninstallMonitor

Exit code:

Version:

13.2.0.3

Modules

Images
c:\program files\iobit\iobit uninstaller\uninstallmonitor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\iobit uninstaller\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

Add for printing

Total events

207 548

Read events

206 192

Write events

1 239

Delete events

117

Modification events


(PID) Process:	(1164) explorer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
Operation:	write	Name:	CheckSetting
Value: 01000000D08C9DDF0115D1118C7A00C04FC297EB01000000DBDD10622BD67741A42163F361389C47000000000200000000001066000000010000200000009E29A13965AAB3C0F94785465D8FB7D823EFB73335269E5D5E9EF7771D6C8C32000000000E8000000002000020000000355C66E1CAFB2126BC8F9EC7E53638C0FC69D2D67498A2CFE26A57FC4E75BA993000000065B77A562AE12BDA6E15075ECDB951A9BE7E7CCDB9B33C53EAFB5289633665B54F4A6FE88B5B496443677CF430FD1067400000008CA89BE3F4F4A662E8881AE868B1982C1A2DE915767F7FF23AEAD6353F3053067215F257E6B5D8FFED6FBA07FF88CFD3745C0534F4DB161E89C344BE3AEB50E5
(PID) Process:	(3672) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 1
(PID) Process:	(3672) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchLowDateTime
Value: 936440368
(PID) Process:	(3672) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 31091742
(PID) Process:	(3672) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateLowDateTime
Value:
(PID) Process:	(3672) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 31091742
(PID) Process:	(3672) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(3672) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(3672) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(3672) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0

Add for printing

Executable files

417

Suspicious files

154

Text files

592

Unknown types

Dropped files

PID	Process	Filename		Type
3692	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:9878D4F35A1140440B2616FAEDF88842	SHA256:AAD8BF80CA0C8E72A19FDB85BC78EDCAA36DEFD7005B814EA6B5E15926928E0D
3672	iexplore.exe	C:\Users\admin\AppData\Local\Temp\~DFEBCB3B4813B9CC67.TMP		binary
		MD5:A5054C455733196E85FB4D2A68EC345B	SHA256:B95BF587111B6FF7CE3266DF74C2C6C2A321153900D0B55852E19EA1FFC86348
3672	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\urlblockindex[1].bin		binary
		MD5:FA518E3DFAE8CA3A0E495460FD60C791	SHA256:775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
3672	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\iobituninstaller.exe		executable
		MD5:2CC8EC50F3CB82F80C653C0DDE687252	SHA256:55998BDB9D1F1920180244C3F3B3256978FD14CDFCE7A952B4B5F61A4043FE0B
3672	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver728B.tmp		xml
		MD5:CBD0581678FA40F0EDCBC7C59E0CAD10	SHA256:159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
3692	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419		binary
		MD5:674FD3659AC32095781E9BA590CBDF4E	SHA256:61A92BA69B34343A3727127B4FF6D94BBE733ED012804C3D9FE8ACA398764A50
3672	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{7571924B-D811-11EE-AE0A-12A9866C77DE}.dat		binary
		MD5:CA14BB2A530E59927B5AE0EB488BBC71	SHA256:2C511EE7E7B4F564E52F441F3F53C3746429BDF4F176423FAE48A11642490575
3692	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\iobituninstaller.exe.uednp5o.partial		executable
		MD5:2CC8EC50F3CB82F80C653C0DDE687252	SHA256:55998BDB9D1F1920180244C3F3B3256978FD14CDFCE7A952B4B5F61A4043FE0B
3692	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\iobituninstaller[1].exe		executable
		MD5:B82331518903D01A0DD309777D4BFA24	SHA256:7DCFFB14182A968091A8852B10F5260E7D2551CDCF062C2769ECB3A1F01FB9F2
3672	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\iobituninstaller.exe.uednp5o.partial:Zone.Identifier		text
		MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B	SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

102

TCP/UDP connections

424

DNS requests

Threats

104

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3692	iexplore.exe	GET	304	88.221.110.112:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?545e1839169dd0e6	unknown	—	—	unknown
3692	iexplore.exe	GET	304	88.221.110.96:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bd117e088266f0f9	unknown	—	—	unknown
3672	iexplore.exe	GET	304	2.19.126.163:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d416ea50f343b89b	unknown	—	—	unknown
3692	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D	unknown	binary	471 b	unknown
1080	svchost.exe	GET	200	2.19.126.163:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?89bca2e7018c82c0	unknown	compressed	67.5 Kb	unknown
1080	svchost.exe	GET	304	2.19.126.163:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1b8fee253118cbef	unknown	compressed	67.5 Kb	unknown
3672	iexplore.exe	GET	304	2.19.126.163:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?aeb32cb922858c96	unknown	—	—	unknown
3672	iexplore.exe	GET	304	2.19.126.163:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a0c79e91eb4e7878	unknown	—	—	unknown
2072	Setup.exe	GET	—	152.199.20.140:80	http://update.iobit.com/dl/iu/file/installer/installer.zlb	unknown	—	—	unknown
3672	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	binary	471 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
3692	iexplore.exe	152.199.20.140:443	cdn.iobit.com	EDGECAST	US	unknown
3692	iexplore.exe	88.221.110.112:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown
3692	iexplore.exe	88.221.110.96:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown
3692	iexplore.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
1080	svchost.exe	2.19.126.163:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown
3672	iexplore.exe	152.199.19.161:443	iecvlist.microsoft.com	EDGECAST	US	whitelisted
3672	iexplore.exe	2.19.126.163:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown

DNS requests

Domain	IP	Reputation
cdn.iobit.com	152.199.20.140	unknown
ctldl.windowsupdate.com	88.221.110.112 2.16.100.168 88.221.110.96 2.19.126.163 2.19.126.137	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
iecvlist.microsoft.com	152.199.19.161	whitelisted
r20swj13mr.microsoft.com	152.199.19.161	whitelisted
update.iobit.com	152.199.20.140	whitelisted
stats.iobit.com	54.164.98.208 54.160.64.54 52.4.232.72	unknown
ascstats.iobit.com	54.162.44.188 54.209.220.66 52.7.98.249	whitelisted
ieonline.microsoft.com	204.79.197.200	whitelisted
go.microsoft.com	23.43.62.58	whitelisted

Threats

PID	Process	Class	Message
2072	Setup.exe	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2072	Setup.exe	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2072	Setup.exe	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2072	Setup.exe	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2072	Setup.exe	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2072	Setup.exe	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2072	Setup.exe	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2072	Setup.exe	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2072	Setup.exe	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
—	—	Potentially Bad Traffic	ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)

Add for printing

Process	Message
Setup.exe	OpenKeyReadOnly error
Setup.exe	Install un13 : NotInstall
Setup.exe	Result: 1
Setup.exe	LanID=1033
Setup.exe	NowVer: 13.3.0.2
Setup.exe	TFrmWizard.FormCreate
Setup.exe	ALangID=1033
Setup.exe	LanID=1033
Setup.exe	time1
Setup.exe	doFinshedEvent_Freeware 0

General Info

https://cdn.iobit.com/dl/iobituninstaller.exe

B23B19871E48657AD49DCF9C3F205082

F9B12C734B654CAA0805C58E4EF1E97A50D83228

AB4FE9B7EFE31BE56E432B0EFB1FADFFCA177230D907CF2D292D47145229DA18

3:N8coPawelXLNn:2czwelXLN

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Registers / Runs the DLL via REGSVR32.EXE

Steals credentials from Web Browsers

Actions looks like stealing of personal data

Runs injected code in another process

Application was injected by another process

SUSPICIOUS

Executable content was dropped or overwritten

Reads security settings of Internet Explorer

Reads the Windows owner or organization settings

Reads the Internet Settings

Searches for installed software

Process drops SQLite DLL files

Drops a system driver (possible attempt to evade defenses)

Creates/Modifies COM task schedule object

Executes as Windows Service

Creates a software uninstall entry

Reads the date of Windows installation

Process requests binary or script from the Internet

Process drops legitimate windows executable

Uses TASKKILL.EXE to kill process

The process verifies whether the antivirus software is installed

Starts SC.EXE for service management

Starts CMD.EXE for commands execution

Application launched itself

Process uses IPCONFIG to clear DNS cache

Checks for external IP

Connects to unusual port

INFO

Executable content was dropped or overwritten

Reads security settings of Internet Explorer

The process uses the downloaded file

Drops the executable file immediately after the start

Modifies the phishing filter of IE

Application launched itself

Checks supported languages

Create files in a temporary directory

Reads the computer name

Creates files in the program directory

Creates files or folders in the user directory

Creates a software uninstall entry

Reads the machine GUID from the registry

Checks proxy server information

Process checks Internet Explorer phishing filters

Process checks whether UAC notifications are on

Manual execution by a user

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules