File name:

revosetup.exe

Full analysis: https://app.any.run/tasks/07e2efb2-4828-4a1b-ace3-5626c7f2c028
Verdict: Malicious activity
Analysis date: February 09, 2025, 12:07:36
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
inno
installer
delphi
possible-phishing
websocket
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

FACBC7E132E3407FF9BD29FE5E2A13E0

SHA1:

0FC857EA0DE67CA6E76A822A2C4C9FA497DBBCBB

SHA256:

E9085FBB110DC2AFED76DB7AF8F3CE3DCB65D4278E7D2DEE9444D6D9F8EB1824

SSDEEP:

98304:H0QN3VKL91wEj8q7U6M5gOw0Pg10XwNmkhXOfDmSavRWhudkc8UC2pr0yEkIBFXW:ehlZ0/Mu8hQUmraFFQ4zQvboroPrU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • revosetup.exe (PID: 6056)
      • revosetup.exe (PID: 4628)
      • RevoUninHelper.exe (PID: 3060)
      • RevoUnin.exe (PID: 5236)
      • RevoUninHelper.exe (PID: 5392)
    • Changes the autorun value in the registry

      • rundll32.exe (PID: 2548)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • revosetup.tmp (PID: 524)
      • revosetup.tmp (PID: 3364)
      • RevoUninHelper.exe (PID: 3060)
      • RevoUnin.exe (PID: 5236)
    • Executable content was dropped or overwritten

      • revosetup.exe (PID: 6056)
      • revosetup.exe (PID: 4628)
      • revosetup.tmp (PID: 3364)
      • rundll32.exe (PID: 2548)
    • Reads the Windows owner or organization settings

      • revosetup.tmp (PID: 3364)
    • Stops a currently running service

      • sc.exe (PID: 2464)
    • Uses TASKKILL.EXE to kill process

      • revosetup.tmp (PID: 3364)
    • Drops a system driver (possible attempt to evade defenses)

      • revosetup.tmp (PID: 3364)
      • rundll32.exe (PID: 2548)
    • Searches for installed software

      • RevoUninHelper.exe (PID: 3060)
      • RevoUnin.exe (PID: 5236)
    • Uses RUNDLL32.EXE to load library

      • revosetup.tmp (PID: 3364)
    • There is functionality for taking screenshot (YARA)

      • RevoUninHelper.exe (PID: 3060)
  • INFO

    • Checks supported languages

      • revosetup.exe (PID: 6056)
      • revosetup.tmp (PID: 524)
      • revosetup.exe (PID: 4628)
      • revosetup.tmp (PID: 3364)
      • RevoUninHelper.exe (PID: 3060)
      • RevoUnin.exe (PID: 5236)
      • RevoUninHelper.exe (PID: 5392)
      • identity_helper.exe (PID: 6304)
    • Reads the computer name

      • revosetup.tmp (PID: 524)
      • revosetup.tmp (PID: 3364)
      • RevoUninHelper.exe (PID: 3060)
      • RevoUnin.exe (PID: 5236)
      • identity_helper.exe (PID: 6304)
    • Process checks computer location settings

      • revosetup.tmp (PID: 524)
      • revosetup.tmp (PID: 3364)
    • Create files in a temporary directory

      • revosetup.exe (PID: 6056)
      • revosetup.exe (PID: 4628)
      • revosetup.tmp (PID: 3364)
    • Detects InnoSetup installer (YARA)

      • revosetup.exe (PID: 6056)
      • revosetup.tmp (PID: 524)
      • revosetup.exe (PID: 4628)
      • revosetup.tmp (PID: 3364)
    • Compiled with Borland Delphi (YARA)

      • revosetup.exe (PID: 6056)
      • revosetup.exe (PID: 4628)
      • revosetup.tmp (PID: 524)
      • revosetup.tmp (PID: 3364)
    • Creates files in the driver directory

      • rundll32.exe (PID: 2548)
    • Reads the time zone

      • runonce.exe (PID: 1520)
    • The sample compiled with english language support

      • revosetup.tmp (PID: 3364)
      • rundll32.exe (PID: 2548)
    • Creates files in the program directory

      • revosetup.tmp (PID: 3364)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 1520)
    • Creates a software uninstall entry

      • revosetup.tmp (PID: 3364)
    • Local mutex for internet shortcut management

      • RevoUninHelper.exe (PID: 3060)
      • RevoUnin.exe (PID: 5236)
    • Manual execution by a user

      • msedge.exe (PID: 5560)
      • msedge.exe (PID: 6704)
    • Application launched itself

      • msedge.exe (PID: 3744)
      • msedge.exe (PID: 5560)
    • Reads Environment values

      • identity_helper.exe (PID: 6304)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:06:14 13:27:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 198656
UninitializedDataSize: -
EntryPoint: 0x1181c
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.5.7.0
ProductVersionNumber: 2.5.7.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: VS Revo Group
FileDescription: Revo Uninstaller
FileVersion: 2.5.7.0
LegalCopyright: VS Revo Group, Ltd.
ProductName: Revo Uninstaller
ProductVersion: 2.5.7
No data.
All screenshots are available in the full report
Total processes
183
Monitored processes
62
Malicious processes
6
Suspicious processes
2

Behavior graph

Processes in the graph, in listed order (rendered interactively in the full report; "no specs" marks a process with no signature hits of its own): start, revosetup.exe, revosetup.tmp (no specs), revosetup.exe, revosetup.tmp, sc.exe (no specs), conhost.exe (no specs), taskkill.exe (no specs), conhost.exe (no specs), rundll32.exe, runonce.exe (no specs), grpconv.exe (no specs), revouninhelper.exe (no specs), revounin.exe (no specs), a long run of msedge.exe browser child processes (almost all no specs), a second revouninhelper.exe (no specs), two identity_helper.exe (no specs), and further msedge.exe children.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 524
CMD: "C:\Users\admin\AppData\Local\Temp\is-EK27G.tmp\revosetup.tmp" /SL5="$5035A,10701028,266240,C:\Users\admin\Desktop\revosetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-EK27G.tmp\revosetup.tmp
Parent process: revosetup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ek27g.tmp\revosetup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 1520
CMD: "C:\WINDOWS\system32\runonce.exe" -r
Path: C:\Windows\System32\runonce.exe
Parent process: rundll32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Run Once Wrapper
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\runonce.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
PID: 1804
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7644 --field-trial-handle=2752,i,6166154002323717394,8320880367809540712,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2464
CMD: "C:\Windows\System32\sc.exe" stop revoprocessdetector
Path: C:\Windows\SysWOW64\sc.exe (the 32-bit parent is redirected to the WOW64 copy even though the command line names System32)
Parent process: revosetup.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060 (ERROR_SERVICE_DOES_NOT_EXIST: no revoprocessdetector service was registered on the sandbox VM yet, so the stop had nothing to act on)
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 2548
CMD: "rundll32.exe " SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\VS Revo Group\Revo Uninstaller\RevoProcessDetector.inf
Path: C:\Windows\System32\rundll32.exe
Parent process: revosetup.tmp
This is the standard SetupAPI INF install of the RevoProcessDetector driver, and it is the process behind the "Drops a system driver", "Creates files in the driver directory" and "Changes the autorun value in the registry" signatures above.
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
PID: 2624
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2952 --field-trial-handle=2752,i,6166154002323717394,8320880367809540712,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3060
CMD: "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe"
Path: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe
Parent process: revosetup.tmp
User:
admin
Company:
VS Revo Group Ltd.
Integrity Level:
HIGH
Description:
Revo Uninstaller Helper
Version:
1.1.1.0
Modules
Images
c:\program files\vs revo group\revo uninstaller\revouninhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 3080
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: sc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3364
CMD: "C:\Users\admin\AppData\Local\Temp\is-MIQ8I.tmp\revosetup.tmp" /SL5="$60302,10701028,266240,C:\Users\admin\Desktop\revosetup.exe" /SPAWNWND=$50224 /NOTIFYWND=$5035A
Path: C:\Users\admin\AppData\Local\Temp\is-MIQ8I.tmp\revosetup.tmp
Parent process: revosetup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-miq8i.tmp\revosetup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 3744
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.revouninstaller.com/free-install-thankyou/
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: revosetup.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
1
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
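The chain that produces the verdict above can be re-derived from the command lines in the process table rather than from the signature names: an Inno Setup loader spawns its stage-2 revosetup.tmp, which runs sc stop on a service, then uses rundll32 with SetupAPI's InstallHinfSection to install an INF whose name matches that service. The following triage helper is an added example by the editor, not part of the ANY.RUN report and not Revo Uninstaller code. SAMPLE_PROCESSES is transcribed from the table above (PID, command line, parent image name); the rule names, regexes, the ATT&CK mapping (T1218.011 for rundll32 proxy execution, T1489 for service stop) and the SC_EXIT_CODES lookup are this example's own assumptions, not ANY.RUN's signature logic or its MITRE mapping. What it shows is that the documented behaviour is a service-stop-then-INF-install sequence for a driver of the vendor's own name; whether that is malicious depends on the certificate and hash checks a practitioner would still run against the vendor's published values, which this report does not contain.

```python
"""Triage helper for the "Process information" table above.

Editor's added example, not part of the ANY.RUN report or of Revo Uninstaller.
SAMPLE_PROCESSES is transcribed from the table (PID, command line, parent image
name); rule names, regexes and the ATT&CK mapping are the editor's assumptions,
not ANY.RUN signatures.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    cmd: str
    parent: str  # the report identifies the parent by image name, not PID


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str
    technique: str
    detail: str


# Constructed from the report above: command lines copied verbatim, PIDs as listed.
SAMPLE_PROCESSES = [
    Proc(524, r'"C:\Users\admin\AppData\Local\Temp\is-EK27G.tmp\revosetup.tmp" /SL5="$5035A,10701028,266240,C:\Users\admin\Desktop\revosetup.exe"', "revosetup.exe"),
    Proc(1520, r'"C:\WINDOWS\system32\runonce.exe" -r', "rundll32.exe"),
    Proc(2464, r'"C:\Windows\System32\sc.exe" stop revoprocessdetector', "revosetup.tmp"),
    Proc(2548, r'"rundll32.exe " SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\VS Revo Group\Revo Uninstaller\RevoProcessDetector.inf', "revosetup.tmp"),
    Proc(3060, r'"C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe"', "revosetup.tmp"),
    Proc(3364, r'"C:\Users\admin\AppData\Local\Temp\is-MIQ8I.tmp\revosetup.tmp" /SL5="$60302,10701028,266240,C:\Users\admin\Desktop\revosetup.exe" /SPAWNWND=$50224 /NOTIFYWND=$5035A', "revosetup.exe"),
    Proc(3744, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.revouninstaller.com/free-install-thankyou/', "revosetup.tmp"),
]

# (rule, ATT&CK technique, regex over the command line). Capture groups become the
# finding's detail. The INF rule captures section, flags and INF path; the sc rule
# captures the service name so the two can be correlated below.
RULES = [
    ("rundll32_installhinfsection", "T1218.011",
     re.compile(r'rundll32(?:\.exe)?\s*"?\s*setupapi(?:\.dll)?,installhinfsection'
                r'\s+(\S+)\s+(\d+)\s+(.+?\.inf)\s*$', re.I)),
    ("sc_stop_service", "T1489", re.compile(r'\bsc(?:\.exe)?"?\s+stop\s+(\S+)', re.I)),
    ("taskkill", "T1489", re.compile(r'\btaskkill(?:\.exe)?"?\s+(.+)', re.I)),
    ("inno_setup_stage2", "info",
     re.compile(r'\\is-[A-Z0-9]+\.tmp\\[^"\\]+\.tmp"?\s+/SL5=', re.I)),
]

# Win32 exit codes that explain an sc.exe result in a trace (1060 is what PID 2464 returned).
SC_EXIT_CODES = {0: "success", 1060: "ERROR_SERVICE_DOES_NOT_EXIST", 1062: "ERROR_SERVICE_NOT_ACTIVE"}


def scan(procs):
    """Run every rule over every command line; one Finding per (process, rule) hit."""
    findings = []
    for p in procs:
        for rule, technique, rx in RULES:
            m = rx.search(p.cmd)
            if m:
                detail = " ".join(g for g in m.groups() if g) or p.cmd
                findings.append(Finding(p.pid, rule, technique, detail))
    return findings


def children_by_parent(procs):
    """Group PIDs under the parent image name the report lists (lower-cased)."""
    tree = defaultdict(list)
    for p in procs:
        tree[p.parent.lower()].append(p.pid)
    return dict(tree)


def correlate_driver_replacement(findings):
    """Names that were both stopped with 'sc stop' and installed from an INF of the
    same name: the stop-then-install sequence an installer uses to replace its own
    driver. Returns the matched names, sorted."""
    stopped = {f.detail.lower() for f in findings if f.rule == "sc_stop_service"}
    matched = set()
    for f in findings:
        if f.rule == "rundll32_installhinfsection":
            inf_file = f.detail.rsplit("\\", 1)[-1]  # last path component
            stem = re.sub(r"\.inf$", "", inf_file, flags=re.I).lower()
            if stem in stopped:
                matched.add(stem)
    return sorted(matched)


def explain_exit(code):
    return SC_EXIT_CODES.get(code, f"unknown ({code})")


if __name__ == "__main__":
    for f in scan(SAMPLE_PROCESSES):
        print(f"{f.pid:>5}  {f.rule:<28} {f.technique:<10} {f.detail}")
    print("driver replaced by name:", correlate_driver_replacement(scan(SAMPLE_PROCESSES)))
    print("sc.exe exit 1060 =", explain_exit(1060))
```

Run as a script it prints one line per hit: PIDs 524 and 3364 as Inno Setup stage-2 loaders, 2464 as the service stop of revoprocessdetector, 2548 as the INF install, and the correlation names revoprocessdetector as the driver stopped and then installed. The regexes are deliberately tolerant of the odd quoting in the report's rundll32 command line (`"rundll32.exe " SETUPAPI.DLL,...`), which is what a naive `startswith("rundll32.exe ")` check would miss.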
Total events
9 379
Read events
9 283
Write events
95
Delete events
1

Modification events

(PID) Process: (3364) revosetup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\VS Revo Group\Revo Uninstaller\Helper
Operation: write
Name: HelperEnabled
Value: 1
(PID) Process: (1520) runonce.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Operation: delete value
Name: GrpConv
Value: grpconv -o
(This is standard SetupAPI behaviour: an INF install queues "grpconv -o" under RunOnce, and the runonce.exe -r that rundll32 spawned consumes it. That RunOnce write is consistent with the "Changes the autorun value in the registry" signature on rundll32.exe above; it is not a persistence entry for the installer itself.)
(PID) Process: (3364) revosetup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\VS Revo Group\Revo Uninstaller\General
Operation: write
Name: WebLang
Value: ENG
(PID) Process: (3364) revosetup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\VS Revo Group\Revo Uninstaller\General
Operation: write
Name: Language file
Value: english.ini
(PID) Process: (3364) revosetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.6.1 (u)
(PID) Process: (3364) revosetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\VS Revo Group\Revo Uninstaller
(PID) Process: (3364) revosetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\VS Revo Group\Revo Uninstaller\
(PID) Process: (3364) revosetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Revo Uninstaller
(PID) Process: (3364) revosetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1
Operation: write
Name: Inno Setup: User
Value: admin
(PID) Process: (3364) revosetup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon,enablehelper
Executable files
29
Suspicious files
361
Text files
152
Unknown types
0

Dropped files

PID | Process | Filename | Type
3364 | revosetup.tmp | C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-6AHR1.tmp | text
MD5: CD86D5DF4564A5D91934B3383A2B342E
SHA256: 09FE4F2A0D1D54C5D374DB235F07F06642404A630F8B981461B0F7998B7C753B
3364 | revosetup.tmp | C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-V20PB.tmp | text
MD5: EDF65AA9E3901E57E6290C53D9B18F19
SHA256: AA6B1D30A2ADC755A44122ACA13C7CA56C740C6E69F9B799EA6FD5CA7109DC4E
4628 | revosetup.exe | C:\Users\admin\AppData\Local\Temp\is-MIQ8I.tmp\revosetup.tmp | executable
MD5: 32A32C18A266325E9E0CAC03542AC371
SHA256: 5CE8C19EE33A1B491145025944D4604A4C7C76686D94A1EDD32FA677C66DA67F
3364 | revosetup.tmp | C:\Users\admin\AppData\Local\Temp\is-DCADS.tmp\_isetup\_setup64.tmp | executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
3364 | revosetup.tmp | C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-VT03V.tmp | text
MD5: B460A1121BDB6806E308212EB9F63F8F
SHA256: 7A2F9651F01898D76E4B0AD81272D12602162AAB0AF87EB7E0294ED345C1A6B2
3364 | revosetup.tmp | C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe | executable
MD5: 32A32C18A266325E9E0CAC03542AC371
SHA256: 5CE8C19EE33A1B491145025944D4604A4C7C76686D94A1EDD32FA677C66DA67F
(Identical hashes to the extracted revosetup.tmp above: Inno Setup installs a copy of its own Setup/Uninstall stub as the uninstaller, so this is not a second payload.)
3364 | revosetup.tmp | C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-8JOUQ.tmp | text
MD5: 18E801F08761E514A93C053D8C32EDE6
SHA256: 124F3510C54120F22ABD6118A35F9260558973005F9F05053C4300D3235ECFCE
3364 | revosetup.tmp | C:\Program Files\VS Revo Group\Revo Uninstaller\lang\bulgarian.ini | text
MD5: 9878D084C0A72935DCDD9E4988BE4887
SHA256: 60A69BC350B5C0ABF21AB39E6671B40BDF75C3D1B06D28421EE0DA91AAE73302
3364 | revosetup.tmp | C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-NRSLS.tmp | text
MD5: C75676D808ED8D88ADD598CC51F79769
SHA256: D8D0C60EAD40825B14D3218AD5A17870F51D602653A397F2162F31B0150E6915
3364 | revosetup.tmp | C:\Program Files\VS Revo Group\Revo Uninstaller\lang\arabic.ini | text
MD5: C75676D808ED8D88ADD598CC51F79769
SHA256: D8D0C60EAD40825B14D3218AD5A17870F51D602653A397F2162F31B0150E6915
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
172
TCP/UDP connections
161
DNS requests
145
Threats
19

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.167:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 13.107.253.45:443 | https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable | unknown | binary | 14.3 Kb | whitelisted
- | - | GET | 200 | 146.20.152.114:443 | https://www.revouninstaller.com/free-install-thankyou/ | unknown | html | 77.9 Kb | whitelisted
- | - | GET | 200 | 52.123.243.199:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 768 b | whitelisted
- | - | GET | 200 | 104.122.33.115:443 | https://f057a20f961f56a72089-b74530d2d26278124f446233f95622ef.ssl.cf1.rackcdn.com/site/screens-5/quick-multiple-uninstall.png | unknown | image | 44.4 Kb | whitelisted
- | - | GET | 200 | 104.18.11.207:443 | https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css?ver=4.4.1 | unknown | text | 155 Kb | whitelisted
- | - | GET | 200 | 146.20.152.114:443 | https://www.revouninstaller.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 | unknown | binary | 85.5 Kb | whitelisted
- | - | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 5.64 Kb | whitelisted
- | - | GET | 200 | 146.20.152.114:443 | https://www.revouninstaller.com/wp-content/plugins/cookiefirst-plugin/public/css/cookiefirst-plugin-public.css?ver=1.0.0 | unknown | text | 98 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 2.16.110.195:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 23.48.23.167:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.52.120.96:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
3976 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5560 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted
5588 | msedge.exe | 52.123.243.72:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | DE | whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.16.110.195
  • 2.16.110.193
  • 2.16.110.145
  • 2.16.110.168
  • 2.16.110.200
  • 2.16.110.130
  • 2.16.110.137
  • 2.16.110.123
  • 2.16.110.121
  • 2.16.110.136
  • 2.16.110.203
  • 2.16.110.129
  • 2.16.110.144
  • 2.16.110.120
  • 2.16.110.139
  • 104.126.37.153
  • 104.126.37.130
  • 104.126.37.145
  • 104.126.37.146
  • 104.126.37.152
  • 104.126.37.131
  • 104.126.37.154
  • 104.126.37.139
  • 104.126.37.137
whitelisted
google.com
  • 216.58.206.78
whitelisted
crl.microsoft.com
  • 23.48.23.167
  • 23.48.23.177
  • 23.48.23.166
  • 23.48.23.147
  • 23.48.23.141
  • 23.48.23.194
  • 23.48.23.193
  • 23.48.23.180
  • 23.48.23.169
whitelisted
www.microsoft.com
  • 23.52.120.96
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
config.edge.skype.com
  • 52.123.243.72
  • 52.123.243.68
  • 52.123.243.76
  • 52.123.243.197
  • 52.123.243.192
  • 52.123.243.95
  • 52.123.243.71
  • 52.123.243.199
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.45
whitelisted
www.revouninstaller.com
  • 146.20.152.114
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

PID | Process | Class | Message
5588 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
5588 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
5588 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
5588 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
5588 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
5588 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
5588 | msedge.exe | Misc activity | ET INFO MailJet URL Shortening Service Domain in DNS Lookup (mjt .lu)
5588 | msedge.exe | Misc activity | ET INFO MailJet URL Shortening Service Domain in DNS Lookup (mjt .lu)
5588 | msedge.exe | Possible Social Engineering Attempted | SUSPICIOUS [ANY.RUN] Domain is used for link redirection and static content hosting ( .mjt .lu)
5588 | msedge.exe | Possible Social Engineering Attempted | SUSPICIOUS [ANY.RUN] Domain is used for link redirection and static content hosting ( .mjt .lu)
Every alert shown here belongs to the Edge process (PID 5588) opened on the vendor's thank-you page, not to the installer processes; the "possible-phishing" tag on this report comes from the mjt .lu redirect alerts on that web page.
No debug info