File name: 4ukey.exe

Full analysis: https://app.any.run/tasks/9d3a328f-c45f-48ea-bf96-51ae11ef0ba5
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 14, 2024, 13:42:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
evasion
upx
adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: AF006B5C93AEDA0862E334689CB4E16D
SHA1: 7055344C1F554013BDBC9E11F97B5F4CED454A47
SHA256: C9BAF5B3BBD9F3DBDECAC7AB702B602F29CF12FB62398C507EC026B278FD6ECA
SSDEEP: 98304:yXuHPx1C6PGczmSLf1zrBKzYMjZtNWBrgNFd1Lr6b/AQeBJ2Q3lrJzijTY86eV02:B

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.exe (PID: 5140)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Connects to the CnC server

      • 4ukey.exe (PID: 5432)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Checks Windows Trust Settings

      • 4ukey.exe (PID: 5432)
    • Potential Corporate Privacy Violation

      • 4ukey.exe (PID: 5432)
    • Checks for external IP

      • 4ukey.exe (PID: 5432)
    • Reads the Windows owner or organization settings

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Reads the date of Windows installation

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Starts CMD.EXE for commands execution

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Access to an unwanted program domain was detected

      • 4ukey.exe (PID: 5432)
    • Executable content was dropped or overwritten

      • 4ukeyforios_ts_3.7.2.exe (PID: 5140)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • The process drops C-runtime libraries

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Drops 7-zip archiver for unpacking

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Creates a software uninstall entry

      • 4ukey.exe (PID: 5432)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 6536)
    • Process drops legitimate windows executable

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Drops a system driver (possible attempt to evade defenses)

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
  • INFO

    • Checks supported languages

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.exe (PID: 5140)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Reads the computer name

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Checks proxy server information

      • 4ukey.exe (PID: 5432)
    • Reads Environment values

      • 4ukey.exe (PID: 5432)
    • Create files in a temporary directory

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
      • 4ukeyforios_ts_3.7.2.exe (PID: 5140)
    • Reads the machine GUID from the registry

      • 4ukey.exe (PID: 5432)
    • Creates files or folders in the user directory

      • 4ukey.exe (PID: 5432)
    • Reads the software policy settings

      • 4ukey.exe (PID: 5432)
    • Creates files in the program directory

      • 4ukey.exe (PID: 5432)
      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • UPX packer has been detected

      • 4ukey.exe (PID: 5432)
    • Process checks computer location settings

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Creates a software uninstall entry

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
    • Dropped object may contain TOR URL's

      • 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:04 02:55:55+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 1847296
InitializedDataSize: 172032
UninitializedDataSize: 2142208
EntryPoint: 0x3cea30
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.7.11.0
ProductVersionNumber: 2.7.11.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Tenorshare Co., Ltd.
FileDescription: Tenorshare 4uKey
FileVersion: 2.7.11.0
LegalCopyright: Copyright © 2024 TENORSHARE(HONGKONG)LIMITED All Rights Reserved.
ProductName: 20240604105530
ProductVersion: 2.7.11.0
No data.
All screenshots are available in the full report
Total processes
143
Monitored processes
7
Malicious processes
3
Suspicious processes
0

Behavior graph

[Behavior graph. Nodes: start, 4ukey.exe, 4ukeyforios_ts_3.7.2.exe, 4ukeyforios_ts_3.7.2.tmp, cmd.exe (no specs), conhost.exe (no specs), taskkill.exe (no specs), 4ukey.exe (no specs). Label: THREAT]

Process information

PID: 1200
CMD: taskkill /f /t /im "Tenorshare 4uKey.exe"
Path: C:\Windows\SysWOW64\taskkill.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5076
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 5140
CMD: /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\" /LANG=en /LOG="C:\Users\admin\AppData\Local\Temp\Tenorshare 4uKey_Setup_20240714134454.log" /sptrack null
Path: C:\Users\admin\AppData\Local\Temp\4ukeyforios_ts\4ukeyforios_ts_3.7.2.exe
Parent process: 4ukey.exe
User:
admin
Company:
TENORSHARE(HONGKONG)LIMITED
Integrity Level:
HIGH
Description:
Tenorshare 4uKey Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\appdata\local\temp\4ukeyforios_ts\4ukeyforios_ts_3.7.2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 5432
CMD: "C:\Users\admin\AppData\Local\Temp\4ukey.exe"
Path: C:\Users\admin\AppData\Local\Temp\4ukey.exe
Parent process: explorer.exe
User:
admin
Company:
Tenorshare Co., Ltd.
Integrity Level:
HIGH
Description:
Tenorshare 4uKey
Version:
2.7.11.0
Modules
Images
c:\users\admin\appdata\local\temp\4ukey.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5912
CMD: "C:\Users\admin\AppData\Local\Temp\4ukey.exe"
Path: C:\Users\admin\AppData\Local\Temp\4ukey.exe
Parent process: explorer.exe
User:
admin
Company:
Tenorshare Co., Ltd.
Integrity Level:
MEDIUM
Description:
Tenorshare 4uKey
Exit code:
3221226540
Version:
2.7.11.0
Modules
Images
c:\users\admin\appdata\local\temp\4ukey.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 6536
CMD: "C:\WINDOWS\system32\cmd.exe" /c taskkill /f /t /im "Tenorshare 4uKey.exe"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: 4ukeyforios_ts_3.7.2.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 6596
CMD: "C:\Users\admin\AppData\Local\Temp\is-12NLD.tmp\4ukeyforios_ts_3.7.2.tmp" /SL5="$50346,199693701,284672,C:\Users\admin\AppData\Local\Temp\4ukeyforios_ts\4ukeyforios_ts_3.7.2.exe" /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\" /LANG=en /LOG="C:\Users\admin\AppData\Local\Temp\Tenorshare 4uKey_Setup_20240714134454.log" /sptrack null
Path: C:\Users\admin\AppData\Local\Temp\is-12NLD.tmp\4ukeyforios_ts_3.7.2.tmp
Parent process: 4ukeyforios_ts_3.7.2.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-12nld.tmp\4ukeyforios_ts_3.7.2.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
Total events
6 709
Read events
6 651
Write events
50
Delete events
8

Modification events

Process: 4ukey.exe (PID: 5432)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Tenorshare\Downloader2.5.0
Operation: write
Name: GA_PC
Value: 1

Process: 4ukey.exe (PID: 5432)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: 4ukey.exe (PID: 5432)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: 4ukey.exe (PID: 5432)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: 4ukey.exe (PID: 5432)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: 4ukey.exe (PID: 5432)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GuidGuidold
Operation: write
Name: guid
Value: FFC6724E-01AD-4E2C-B3A6-FF39CA29210E

Process: 4ukey.exe (PID: 5432)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GuidGuidold
Operation: write
Name: user_id
Value: 1001

Process: 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: C41900004CB5F102F4D5DA01

Process: 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 1376373502538AF92D57F06AE01CFAAC61E0B324B142F3534674E1FAEFC93DC1

Process: 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

Executable files
954
Suspicious files
148
Text files
511
Unknown types
3

Dropped files

Process: 4ukey.exe (PID: 5432)
Filename: C:\Users\admin\AppData\Local\Temp\4ukeyforios_ts\4ukeyforios_ts_3.7.2.exe
MD5:
SHA256:

Process: 4ukey.exe (PID: 5432)
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C
Type: binary
MD5: C76D255B137049C71C7F6FF7012163C6
SHA256: BA66085CAB212A7D1D74A782EB9DEC63B71C9DF780AB9009E3D6881AE2B91627

Process: 4ukey.exe (PID: 5432)
Filename: C:\Users\admin\AppData\Local\Temp\4ukeyforios_ts\4ukeyforios_ts_3.7.2.exe.db
Type: text
MD5: 40379FE6AD157CE1F5D5B65385B9F640
SHA256: 5CDAF27F197D59802401A1D457829C6EABA4FD53C1037A81E8EA7CFA9E3AE604

Process: 4ukey.exe (PID: 5432)
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C
Type: der
MD5: 9634D20FF337F876DA325DC6C05BA80B
SHA256: 12A02E8A7B0FB19B48A6C17AAAF2D8109ACAC7F0E6F6A1DAF161F01BDC865A2A

Process: 4ukey.exe (PID: 5432)
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_234E9B04AA8520A2E6CE0C38C9A1AE0D
Type: binary
MD5: E6B4CAFD1E6AF0F29CC780081B5A98B8
SHA256: 5738F26F677818DA8F3691C969EAE190739A9CC23F289AE25F880E7C94FB6CCB

Process: 4ukey.exe (PID: 5432)
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_234E9B04AA8520A2E6CE0C38C9A1AE0D
Type: der
MD5: 25F2671E9DE2D29341F11302F73EA8A7
SHA256: 6494FFC78BC9C46772ABAC2BD07DF669155F0ACCF84F44E13DAE4CB2283FB31D

Process: 4ukey.exe (PID: 5432)
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95
Type: der
MD5: C5647ACA7C55E061E6750E1971E588EC
SHA256: 09617B8EE56258A913FCB1155D62C166CC2B821E437D415F3D7AF521C7BC5756

Process: 4ukey.exe (PID: 5432)
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95
Type: binary
MD5: 6603C2E936DAF8C535EE95C9B9A950B0
SHA256: 4DDC83FC5AF0385FD1F2E3A4703A10711575401AAD0E373BD7C7278E04265547

Process: 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
Filename: C:\Users\admin\AppData\Local\Temp\is-C96H2.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

Process: 4ukeyforios_ts_3.7.2.tmp (PID: 6596)
Filename: C:\Program Files (x86)\Tenorshare\Tenorshare 4uKey\AgentSupportCLR.dll
Type: executable
MD5: E2AEB9E9E0BE848F65752DF75C79CB08
SHA256: 8E8D4C4208054193C27B4B0006E1202CC86B6AB4CBA1A56B1C271D8764A866C7

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
46
TCP/UDP connections
270
DNS requests
25
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2060
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2060
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4656
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
3944
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5432
4ukey.exe
GET
301
104.17.192.141:80
http://www.tenorshare.com/downloads/service/softwarelog.txt
unknown
whitelisted
5432
4ukey.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D
unknown
whitelisted
5432
4ukey.exe
GET
200
208.95.112.1:80
http://ip-api.com/csv
unknown
shared
5432
4ukey.exe
POST
200
216.58.206.46:80
http://www.google-analytics.com/collect
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2052
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
2060
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
2060
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4656
SearchApp.exe
92.123.104.58:443
www.bing.com
Akamai International B.V.
DE
unknown
4656
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
239.255.255.250:1900
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
www.bing.com
  • 92.123.104.58
  • 92.123.104.50
  • 92.123.104.54
  • 92.123.104.47
  • 92.123.104.52
  • 92.123.104.59
  • 92.123.104.46
  • 92.123.104.40
  • 92.123.104.53
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 172.217.18.110
whitelisted
login.live.com
  • 40.126.32.133
  • 40.126.32.68
  • 40.126.32.134
  • 20.190.160.22
  • 40.126.32.74
  • 40.126.32.76
  • 20.190.160.17
  • 40.126.32.138
whitelisted
www.tenorshare.com
  • 104.17.192.141
  • 104.17.207.155
whitelisted
ip-api.com
  • 208.95.112.1
shared
www.google-analytics.com
  • 216.58.206.46
whitelisted

Threats

PID
Process
Class
Message
5432
4ukey.exe
Potential Corporate Privacy Violation
ET POLICY Unsupported/Fake Windows NT Version 5.0
2168
svchost.exe
Device Retrieving External IP Address Detected
INFO [ANY.RUN] External IP Check (ip-api .com)
2168
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
5432
4ukey.exe
Potential Corporate Privacy Violation
ET POLICY Unsupported/Fake Windows NT Version 5.0
5432
4ukey.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
5432
4ukey.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP Tenorshare Google Analytics Checkin
2 ETPRO signatures available at the full report
No debug info