File name: 4ukey.exe

Full analysis: https://app.any.run/tasks/9d3a328f-c45f-48ea-bf96-51ae11ef0ba5
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 14, 2024, 13:42:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: evasion, upx, adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: AF006B5C93AEDA0862E334689CB4E16D
SHA1: 7055344C1F554013BDBC9E11F97B5F4CED454A47
SHA256: C9BAF5B3BBD9F3DBDECAC7AB702B602F29CF12FB62398C507EC026B278FD6ECA
SSDEEP: 98304:yXuHPx1C6PGczmSLf1zrBKzYMjZtNWBrgNFd1Lr6b/AQeBJ2Q3lrJzijTY86eV02:B

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.exe (PID: 5140)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Connects to the CnC server

      • 4ukey.exe (PID: 5432)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Checks Windows Trust Settings

      • 4ukey.exe (PID: 5432)
    • Access to an unwanted program domain was detected

      • 4ukey.exe (PID: 5432)
    • Potential Corporate Privacy Violation

      • 4ukey.exe (PID: 5432)
    • Checks for external IP

      • 4ukey.exe (PID: 5432)
    • Executable content was dropped or overwritten

      • 4ukeyforios_ts_3.7.2.exe (PID: 5140)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Starts CMD.EXE for commands execution

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Process drops legitimate windows executable

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Reads the Windows owner or organization settings

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Creates a software uninstall entry

      • 4ukey.exe (PID: 5432)
    • Reads the date of Windows installation

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Drops 7-zip archiver for unpacking

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Drops a system driver (possible attempt to evade defenses)

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • The process drops C-runtime libraries

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 6536)
  • INFO

    • Reads the computer name

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Reads Environment values

      • 4ukey.exe (PID: 5432)
    • Create files in a temporary directory

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.exe (PID: 5140)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Checks supported languages

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.exe (PID: 5140)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Reads the machine GUID from the registry

      • 4ukey.exe (PID: 5432)
    • Checks proxy server information

      • 4ukey.exe (PID: 5432)
    • Creates files or folders in the user directory

      • 4ukey.exe (PID: 5432)
    • Reads the software policy settings

      • 4ukey.exe (PID: 5432)
    • UPX packer has been detected

      • 4ukey.exe (PID: 5432)
    • Creates files in the program directory

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Process checks computer location settings

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Creates a software uninstall entry

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Dropped object may contain TOR URL's

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:04 02:55:55+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 1847296
InitializedDataSize: 172032
UninitializedDataSize: 2142208
EntryPoint: 0x3cea30
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.7.11.0
ProductVersionNumber: 2.7.11.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Tenorshare Co., Ltd.
FileDescription: Tenorshare 4uKey
FileVersion: 2.7.11.0
LegalCopyright: Copyright © 2024 TENORSHARE(HONGKONG)LIMITED All Rights Reserved.
ProductName: 20240604105530
ProductVersion: 2.7.11.0
No data.
All screenshots are available in the full report
Total processes
143
Monitored processes
7
Malicious processes
3
Suspicious processes
0

Behavior graph

start THREAT 4ukey.exe 4ukeyforios_ts_3.7.2.exe 4ukeyforios_ts_3.7.2.tmp cmd.exe no specs conhost.exe no specs taskkill.exe no specs 4ukey.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1200
CMD: taskkill /f /t /im "Tenorshare 4uKey.exe"
Path: C:\Windows\SysWOW64\taskkill.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5076
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 5140
CMD: /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\" /LANG=en /LOG="C:\Users\admin\AppData\Local\Temp\Tenorshare 4uKey_Setup_20240714134454.log" /sptrack null
Path: C:\Users\admin\AppData\Local\Temp\4ukeyforios_ts\4ukeyforios_ts_3.7.2.exe
Parent process: 4ukey.exe
User:
admin
Company:
TENORSHARE(HONGKONG)LIMITED
Integrity Level:
HIGH
Description:
Tenorshare 4uKey Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\appdata\local\temp\4ukeyforios_ts\4ukeyforios_ts_3.7.2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 5432
CMD: "C:\Users\admin\AppData\Local\Temp\4ukey.exe"
Path: C:\Users\admin\AppData\Local\Temp\4ukey.exe
Parent process: explorer.exe
User:
admin
Company:
Tenorshare Co., Ltd.
Integrity Level:
HIGH
Description:
Tenorshare 4uKey
Version:
2.7.11.0
Modules
Images
c:\users\admin\appdata\local\temp\4ukey.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5912
CMD: "C:\Users\admin\AppData\Local\Temp\4ukey.exe"
Path: C:\Users\admin\AppData\Local\Temp\4ukey.exe
Parent process: explorer.exe
User:
admin
Company:
Tenorshare Co., Ltd.
Integrity Level:
MEDIUM
Description:
Tenorshare 4uKey
Exit code:
3221226540
Version:
2.7.11.0
Modules
Images
c:\users\admin\appdata\local\temp\4ukey.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 6536
CMD: "C:\WINDOWS\system32\cmd.exe" /c taskkill /f /t /im "Tenorshare 4uKey.exe"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: 4ukeyforios_ts_3.7.2.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 6596
CMD: "C:\Users\admin\AppData\Local\Temp\is-12NLD.tmp\4ukeyforios_ts_3.7.2.tmp" /SL5="$50346,199693701,284672,C:\Users\admin\AppData\Local\Temp\4ukeyforios_ts\4ukeyforios_ts_3.7.2.exe" /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\" /LANG=en /LOG="C:\Users\admin\AppData\Local\Temp\Tenorshare 4uKey_Setup_20240714134454.log" /sptrack null
Path: C:\Users\admin\AppData\Local\Temp\is-12NLD.tmp\4ukeyforios_ts_3.7.2.tmp
Parent process: 4ukeyforios_ts_3.7.2.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-12nld.tmp\4ukeyforios_ts_3.7.2.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
Total events
6 709
Read events
6 651
Write events
50
Delete events
8

Modification events

(PID) Process: (5432) 4ukey.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Tenorshare\Downloader2.5.0
Operation: write
Name: GA_PC
Value:
1
(PID) Process: (5432) 4ukey.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (5432) 4ukey.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (5432) 4ukey.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (5432) 4ukey.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
(PID) Process: (5432) 4ukey.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GuidGuidold
Operation: write
Name: guid
Value:
FFC6724E-01AD-4E2C-B3A6-FF39CA29210E
(PID) Process: (5432) 4ukey.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GuidGuidold
Operation: write
Name: user_id
Value:
1001
(PID) Process: (6596) 4ukeyforios_ts_3.7.2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value:
C41900004CB5F102F4D5DA01
(PID) Process: (6596) 4ukeyforios_ts_3.7.2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value:
1376373502538AF92D57F06AE01CFAAC61E0B324B142F3534674E1FAEFC93DC1
(PID) Process: (6596) 4ukeyforios_ts_3.7.2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value:
1
Executable files
954
Suspicious files
148
Text files
511
Unknown types
3

Dropped files

PID
Process
Filename
Type
PID: 5432
Process: 4ukey.exe
Filename: C:\Users\admin\AppData\Local\Temp\4ukeyforios_ts\4ukeyforios_ts_3.7.2.exe
MD5:
SHA256:
PID: 6596
Process: 4ukeyforios_ts_3.7.2.tmp
Filename: C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\is-HQBBJ.tmp
Type: text
MD5:5185C0C549FAEC61E00C1856D486C7B3
SHA256:ADE640600530374C9A8A1FE0E79C8791ECDEE8115CB114A634A12FD7E8CA333F
PID: 5432
Process: 4ukey.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95
Type: der
MD5:C5647ACA7C55E061E6750E1971E588EC
SHA256:09617B8EE56258A913FCB1155D62C166CC2B821E437D415F3D7AF521C7BC5756
PID: 5432
Process: 4ukey.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C
Type: binary
MD5:C76D255B137049C71C7F6FF7012163C6
SHA256:BA66085CAB212A7D1D74A782EB9DEC63B71C9DF780AB9009E3D6881AE2B91627
PID: 5432
Process: 4ukey.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_234E9B04AA8520A2E6CE0C38C9A1AE0D
Type: der
MD5:25F2671E9DE2D29341F11302F73EA8A7
SHA256:6494FFC78BC9C46772ABAC2BD07DF669155F0ACCF84F44E13DAE4CB2283FB31D
PID: 6596
Process: 4ukeyforios_ts_3.7.2.tmp
Filename: C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\is-4SM51.tmp
Type: executable
MD5:31455BDCA28404F4598EE34972D6BFBD
SHA256:9AD28105C5B09C8C4DE9B2621170A8003644C790826685895D0CD1F5F74E8B4A
PID: 6596
Process: 4ukeyforios_ts_3.7.2.tmp
Filename: C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\unins000.exe
Type: executable
MD5:31455BDCA28404F4598EE34972D6BFBD
SHA256:9AD28105C5B09C8C4DE9B2621170A8003644C790826685895D0CD1F5F74E8B4A
PID: 6596
Process: 4ukeyforios_ts_3.7.2.tmp
Filename: C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\is-LGRBR.tmp
Type: executable
MD5:0E9126EE40B64449B569AF70456B11F5
SHA256:B8CB54C7A5045BC9DF082E35981B42EB008A506CC42DB7AAD11B40DD49DF35CC
PID: 6596
Process: 4ukeyforios_ts_3.7.2.tmp
Filename: C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\is-00MG4.tmp
Type: executable
MD5:E2AEB9E9E0BE848F65752DF75C79CB08
SHA256:8E8D4C4208054193C27B4B0006E1202CC86B6AB4CBA1A56B1C271D8764A866C7
PID: 6596
Process: 4ukeyforios_ts_3.7.2.tmp
Filename: C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\is-K2PKJ.tmp
Type: executable
MD5:9A1E39A255C0A22E49906DA7DDC69274
SHA256:A742B375FC6CB32E17C66F7E677CEF59399216AC21C1384DE6EC892C2B099A4D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
46
TCP/UDP connections
270
DNS requests
25
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2060
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4656
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
2060
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5432
4ukey.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D
unknown
whitelisted
5432
4ukey.exe
POST
200
216.58.206.46:80
http://www.google-analytics.com/collect
unknown
unknown
5432
4ukey.exe
GET
200
208.95.112.1:80
http://ip-api.com/csv
unknown
shared
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3944
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5432
4ukey.exe
POST
200
216.58.206.46:80
http://www.google-analytics.com/collect
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2052
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
2060
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
2060
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4656
SearchApp.exe
92.123.104.58:443
www.bing.com
Akamai International B.V.
DE
unknown
4656
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
239.255.255.250:1900
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
www.bing.com
  • 92.123.104.58
  • 92.123.104.50
  • 92.123.104.54
  • 92.123.104.47
  • 92.123.104.52
  • 92.123.104.59
  • 92.123.104.46
  • 92.123.104.40
  • 92.123.104.53
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 172.217.18.110
whitelisted
login.live.com
  • 40.126.32.133
  • 40.126.32.68
  • 40.126.32.134
  • 20.190.160.22
  • 40.126.32.74
  • 40.126.32.76
  • 20.190.160.17
  • 40.126.32.138
whitelisted
www.tenorshare.com
  • 104.17.192.141
  • 104.17.207.155
whitelisted
ip-api.com
  • 208.95.112.1
shared
www.google-analytics.com
  • 216.58.206.46
whitelisted

Threats

PID
Process
Class
Message
5432
4ukey.exe
Potential Corporate Privacy Violation
ET POLICY Unsupported/Fake Windows NT Version 5.0
2168
svchost.exe
Device Retrieving External IP Address Detected
INFO [ANY.RUN] External IP Check (ip-api .com)
2168
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
5432
4ukey.exe
Potential Corporate Privacy Violation
ET POLICY Unsupported/Fake Windows NT Version 5.0
5432
4ukey.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
5432
4ukey.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP Tenorshare Google Analytics Checkin
2 ETPRO signatures available at the full report
No debug info