Windows Analysis Report
revosetup.exe

Overview

General Information

Sample name: revosetup.exe
Analysis ID: 1432131
MD5: 63150c4846bfbcf27fa70ccaa8a01943
SHA1: bfe32dcc00b041e0007a883af1588f354bb9f032
SHA256: a05acc9172e98ec6a6a7f923f5c648cc7a7c4e02bbcaaa5a6d9663229e662c24
Infos:

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Monitors registry run keys for changes
Tries to harvest and steal browser information (history, passwords, etc)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses 32bit PE files

Classification

Source: about:blank HTTP Parser: No favicon
Uses 32bit PE files
Source: revosetup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.LICENSE AGREEMENT AND COPYRIGHT========================IMPORTANT - READ CAREFULLY:This license agreement is a legal agreement between you (either personal or corporate) and VS Revo Group Ltd. the vendor of the software product Revo Uninstaller"."the Vendor" means the developer of the "Revo Uninstaller" software product VS Revo Group Ltd.YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT AND THE LIMITATIONS OF YOUR LICENSE BY INSTALLING COPYING DISTRIBUTING OR OTHERWISE USING REVO UNINSTALLER. IF YOU DO NOT AGREE DO NOT INSTALL DISTRIBUTE OR USE REVO UNINSATALLER IN ANY WAYS.Revo Uninstaller is FREEWARE. You can freely use this software and distribute copies of the ORIGINAL DISTRIBUTION FILE as long as NO ALTERATIONS are made to the file and its contents no charge is raised and that this license agreement is not violated in any ways. Any other way of distributing this software is prohibited.This is not public domain software. The software is owned by the author and protected by copyright law. The Software is licensed not sold to You for Your use only under the terms of this Agreement and VS Revo Group Ltd. reserves all rights not expressly granted to You. You are NOT allowed to:1. Modify reverse engineer decompile disassemble or otherwise attempt to reconstruct or discover the source code or any parts of it from the binaries of Revo Uninstaller.2. Remove any product identification copyright proprietary notices or labels from Revo Uninstaller.3. Distribute Revo Uninstaller in any other form than in the official distribution packages without a written permission from the Vendor.4. Use run copy distribute or store Revo Uninstaller in your computer if this license agreement is violated in any ways.THE APPLICATION AND ANY RELATED DOCUMENTATION IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES. AND THAT THE VENDOR DOES NOT WARRANT THAT REVO UNINSTALLER WILL RUN UNINTERRUPTED OR ERROR FREE NOR THAT REVO UNINSTALLER WILL OPERATE WITH HARDWARE AND/OR SOFTWARE NOT PROVIDED BY THE VENDOR EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE REMAINS WITH YOUThe Agreement becomes effective when You agree to the terms and conditions of this Agreement by opening installing using accessing or manipulating the Software (the " Effective Date ") and this Agreement will terminate immediately upon notice to You if You materially breach any term or condition of this Agreement. You agree upon termination to promptly destroy the Software and all copies thereof.NOTE: REVO UNINSTALLER MAY CONNECT BY USERS REQUEST THROUGH THE INTERNET TO WWW.REVOUNINSTALLER.COM TO CHECK FOR UPDATES. DURING THIS PROCESS IT WILL DOWNLOAD A SMALL FILE THAT
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.LICENSE AGREEMENT AND COPYRIGHT========================IMPORTANT - READ CAREFULLY:This license agreement is a legal agreement between you (either personal or corporate) and VS Revo Group Ltd. the vendor of the software product Revo Uninstaller"."the Vendor" means the developer of the "Revo Uninstaller" software product VS Revo Group Ltd.YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT AND THE LIMITATIONS OF YOUR LICENSE BY INSTALLING COPYING DISTRIBUTING OR OTHERWISE USING REVO UNINSTALLER. IF YOU DO NOT AGREE DO NOT INSTALL DISTRIBUTE OR USE REVO UNINSATALLER IN ANY WAYS.Revo Uninstaller is FREEWARE. You can freely use this software and distribute copies of the ORIGINAL DISTRIBUTION FILE as long as NO ALTERATIONS are made to the file and its contents no charge is raised and that this license agreement is not violated in any ways. Any other way of distributing this software is prohibited.This is not public domain software. The software is owned by the author and protected by copyright law. The Software is licensed not sold to You for Your use only under the terms of this Agreement and VS Revo Group Ltd. reserves all rights not expressly granted to You. You are NOT allowed to:1. Modify reverse engineer decompile disassemble or otherwise attempt to reconstruct or discover the source code or any parts of it from the binaries of Revo Uninstaller.2. Remove any product identification copyright proprietary notices or labels from Revo Uninstaller.3. Distribute Revo Uninstaller in any other form than in the official distribution packages without a written permission from the Vendor.4. Use run copy distribute or store Revo Uninstaller in your computer if this license agreement is violated in any ways.THE APPLICATION AND ANY RELATED DOCUMENTATION IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES. AND THAT THE VENDOR DOES NOT WARRANT THAT REVO UNINSTALLER WILL RUN UNINTERRUPTED OR ERROR FREE NOR THAT REVO UNINSTALLER WILL OPERATE WITH HARDWARE AND/OR SOFTWARE NOT PROVIDED BY THE VENDOR EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE REMAINS WITH YOUThe Agreement becomes effective when You agree to the terms and conditions of this Agreement by opening installing using accessing or manipulating the Software (the " Effective Date ") and this Agreement will terminate immediately upon notice to You if You materially breach any term or condition of this Agreement. You agree upon termination to promptly destroy the Software and all copies thereof.NOTE: REVO UNINSTALLER MAY CONNECT BY USERS REQUEST THROUGH THE INTERNET TO WWW.REVOUNINSTALLER.COM TO CHECK FOR UPDATES. DURING THIS PROCESS IT WILL DOWNLOAD A SMALL FILE THAT
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\is-930TG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-SRMPO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-QNP87.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-1GMMQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-LQ7V0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-8HS44.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-6JUB1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-TF4FP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-JLIIP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-51DQ4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-ON5O0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-89KBO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-H8O5L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-BHORG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-NU8DV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-86R4G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-O6OOC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-OQLC1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-BRMVK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-IE3NO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-NA2VL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-6D4JF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-P4FJN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-F6T79.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-4HQ49.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-Q5ETH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-D9K51.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-AP8OQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-03S2V.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-RM1PV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-7F029.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-MV7M3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-A47CF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-6RDSI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-JEUE8.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-8N9CU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-4H15I.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-R94T1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-KQVVL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-57PF0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-2JR70.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-FVNN5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-79H19.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-Q3DI4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-FNPTG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-QRKAM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-20FHR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\is-3UJFV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\is-UKQ9R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\is-3D3RB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.msg
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-04-26 #001.txt
Source: revosetup.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.8:443 -> 192.168.2.17:49808 version: TLS 1.2
Source: revosetup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl32.DllA\OpenSSL32.DllA\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl32.DllA\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 23.56.6.208
Source: unknown TCP traffic detected without corresponding DNS query: 23.56.6.208
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: www.revouninstaller.com
Source: global traffic DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic DNS traffic detected: DNS query: f057a20f961f56a72089-b74530d2d26278124f446233f95622ef.ssl.cf1.rackcdn.com
Source: global traffic DNS traffic detected: DNS query: static.zdassets.com
Source: global traffic DNS traffic detected: DNS query: ekr.zdassets.com
Source: global traffic DNS traffic detected: DNS query: widget.trustpilot.com
Source: global traffic DNS traffic detected: DNS query: vsrevogroup.zendesk.com
Source: global traffic DNS traffic detected: DNS query: static.hotjar.com
Source: global traffic DNS traffic detected: DNS query: widget-mediator.zopim.com
Source: global traffic DNS traffic detected: DNS query: connect.facebook.net
Source: global traffic DNS traffic detected: DNS query: static.ads-twitter.com
Source: global traffic DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: analytics.google.com
Source: global traffic DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: script.hotjar.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: v2assets.zopim.io
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.8:443 -> 192.168.2.17:49808 version: TLS 1.2
Uses 32bit PE files
Source: revosetup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: sus24.spyw.winEXE@21/109@60/309
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\Program Files\VS Revo Group
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\RevoUninstallerFree}
Source: C:\Users\user\Desktop\revosetup.exe File created: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp
Source: C:\Users\user\Desktop\revosetup.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File read: C:\Program Files\desktop.ini
Source: C:\Users\user\Desktop\revosetup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\Desktop\revosetup.exe File read: C:\Users\user\Desktop\revosetup.exe
Source: unknown Process created: C:\Users\user\Desktop\revosetup.exe "C:\Users\user\Desktop\revosetup.exe"
Source: C:\Users\user\Desktop\revosetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp "C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp" /SL5="$202EE,6355320,266240,C:\Users\user\Desktop\revosetup.exe"
Source: C:\Users\user\Desktop\revosetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp "C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp" /SL5="$202EE,6355320,266240,C:\Users\user\Desktop\revosetup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process created: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.revouninstaller.com/free-install-thankyou/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1828,i,11340438784122239940,8123972705045919978,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process created: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.revouninstaller.com/free-install-thankyou/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1828,i,11340438784122239940,8123972705045919978,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\revosetup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\revosetup.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: apphelp.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: msi.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wininet.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: msimg32.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: oledlg.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: urlmon.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: version.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: winmm.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: iertutil.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: srvcli.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: netutils.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: uxtheme.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: dwmapi.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: textshaping.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: textinputframework.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: coremessaging.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: ntmarta.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wintypes.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wintypes.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wintypes.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: dataexchange.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: d3d11.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: dcomp.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: dxgi.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: windows.storage.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wldp.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: propsys.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: profapi.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: windowscodecs.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: thumbcache.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: policymanager.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: sspicli.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: linkinfo.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: ieframe.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: netapi32.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: userenv.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: winhttp.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wkscli.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: msiso.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: ieframe.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: netapi32.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: userenv.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: winhttp.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wkscli.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: ieframe.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: netapi32.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: userenv.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: winhttp.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wkscli.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: ieframe.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: netapi32.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: userenv.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: winhttp.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wkscli.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: ieframe.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: netapi32.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: userenv.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: winhttp.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wkscli.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: ieframe.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: netapi32.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: userenv.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: winhttp.dll
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Window found: window name: TSelectLanguageForm
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.LICENSE AGREEMENT AND COPYRIGHT========================IMPORTANT - READ CAREFULLY:This license agreement is a legal agreement between you (either personal or corporate) and VS Revo Group Ltd. the vendor of the software product Revo Uninstaller"."the Vendor" means the developer of the "Revo Uninstaller" software product VS Revo Group Ltd.YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT AND THE LIMITATIONS OF YOUR LICENSE BY INSTALLING COPYING DISTRIBUTING OR OTHERWISE USING REVO UNINSTALLER. IF YOU DO NOT AGREE DO NOT INSTALL DISTRIBUTE OR USE REVO UNINSATALLER IN ANY WAYS.Revo Uninstaller is FREEWARE. You can freely use this software and distribute copies of the ORIGINAL DISTRIBUTION FILE as long as NO ALTERATIONS are made to the file and its contents no charge is raised and that this license agreement is not violated in any ways. Any other way of distributing this software is prohibited.This is not public domain software. The software is owned by the author and protected by copyright law. The Software is licensed not sold to You for Your use only under the terms of this Agreement and VS Revo Group Ltd. reserves all rights not expressly granted to You. You are NOT allowed to:1. Modify reverse engineer decompile disassemble or otherwise attempt to reconstruct or discover the source code or any parts of it from the binaries of Revo Uninstaller.2. Remove any product identification copyright proprietary notices or labels from Revo Uninstaller.3. Distribute Revo Uninstaller in any other form than in the official distribution packages without a written permission from the Vendor.4. Use run copy distribute or store Revo Uninstaller in your computer if this license agreement is violated in any ways.THE APPLICATION AND ANY RELATED DOCUMENTATION IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES. AND THAT THE VENDOR DOES NOT WARRANT THAT REVO UNINSTALLER WILL RUN UNINTERRUPTED OR ERROR FREE NOR THAT REVO UNINSTALLER WILL OPERATE WITH HARDWARE AND/OR SOFTWARE NOT PROVIDED BY THE VENDOR EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE REMAINS WITH YOUThe Agreement becomes effective when You agree to the terms and conditions of this Agreement by opening installing using accessing or manipulating the Software (the " Effective Date ") and this Agreement will terminate immediately upon notice to You if You materially breach any term or condition of this Agreement. You agree upon termination to promptly destroy the Software and all copies thereof.NOTE: REVO UNINSTALLER MAY CONNECT BY USERS REQUEST THROUGH THE INTERNET TO WWW.REVOUNINSTALLER.COM TO CHECK FOR UPDATES. DURING THIS PROCESS IT WILL DOWNLOAD A SMALL FILE THAT
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.LICENSE AGREEMENT AND COPYRIGHT========================IMPORTANT - READ CAREFULLY:This license agreement is a legal agreement between you (either personal or corporate) and VS Revo Group Ltd. the vendor of the software product Revo Uninstaller"."the Vendor" means the developer of the "Revo Uninstaller" software product VS Revo Group Ltd.YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT AND THE LIMITATIONS OF YOUR LICENSE BY INSTALLING COPYING DISTRIBUTING OR OTHERWISE USING REVO UNINSTALLER. IF YOU DO NOT AGREE DO NOT INSTALL DISTRIBUTE OR USE REVO UNINSATALLER IN ANY WAYS.Revo Uninstaller is FREEWARE. You can freely use this software and distribute copies of the ORIGINAL DISTRIBUTION FILE as long as NO ALTERATIONS are made to the file and its contents no charge is raised and that this license agreement is not violated in any ways. Any other way of distributing this software is prohibited.This is not public domain software. The software is owned by the author and protected by copyright law. The Software is licensed not sold to You for Your use only under the terms of this Agreement and VS Revo Group Ltd. reserves all rights not expressly granted to You. You are NOT allowed to:1. Modify reverse engineer decompile disassemble or otherwise attempt to reconstruct or discover the source code or any parts of it from the binaries of Revo Uninstaller.2. Remove any product identification copyright proprietary notices or labels from Revo Uninstaller.3. Distribute Revo Uninstaller in any other form than in the official distribution packages without a written permission from the Vendor.4. Use run copy distribute or store Revo Uninstaller in your computer if this license agreement is violated in any ways.THE APPLICATION AND ANY RELATED DOCUMENTATION IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES. AND THAT THE VENDOR DOES NOT WARRANT THAT REVO UNINSTALLER WILL RUN UNINTERRUPTED OR ERROR FREE NOR THAT REVO UNINSTALLER WILL OPERATE WITH HARDWARE AND/OR SOFTWARE NOT PROVIDED BY THE VENDOR EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE REMAINS WITH YOUThe Agreement becomes effective when You agree to the terms and conditions of this Agreement by opening installing using accessing or manipulating the Software (the " Effective Date ") and this Agreement will terminate immediately upon notice to You if You materially breach any term or condition of this Agreement. You agree upon termination to promptly destroy the Software and all copies thereof.NOTE: REVO UNINSTALLER MAY CONNECT BY USERS REQUEST THROUGH THE INTERNET TO WWW.REVOUNINSTALLER.COM TO CHECK FOR UPDATES. DURING THIS PROCESS IT WILL DOWNLOAD A SMALL FILE THAT
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\is-930TG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-SRMPO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-QNP87.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-1GMMQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-LQ7V0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-8HS44.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-6JUB1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-TF4FP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-JLIIP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-51DQ4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-ON5O0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-89KBO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-H8O5L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-BHORG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-NU8DV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-86R4G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-O6OOC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-OQLC1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-BRMVK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-IE3NO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-NA2VL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-6D4JF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-P4FJN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-F6T79.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-4HQ49.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-Q5ETH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-D9K51.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-AP8OQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-03S2V.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-RM1PV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-7F029.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-MV7M3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-A47CF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-6RDSI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-JEUE8.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-8N9CU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-4H15I.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-R94T1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-KQVVL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-57PF0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-2JR70.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-FVNN5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-79H19.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-Q3DI4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-FNPTG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-QRKAM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\lang\is-20FHR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\is-3UJFV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\is-UKQ9R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\is-3D3RB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Directory created: C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.msg
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1
Source: revosetup.exe Static PE information: certificate valid
Source: revosetup.exe Static file information: File size 6970144 > 1048576
Source: revosetup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\Program Files\VS Revo Group\Revo Uninstaller\is-3UJFV.tmp Jump to dropped file
Source: C:\Users\user\Desktop\revosetup.exe File created: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\Users\user\AppData\Local\Temp\is-APUB4.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-04-26 #001.txt

Boot Survival
barindex
Monitors registry run keys for changes
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller on the Web.url
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall Revo Uninstaller.lnk
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller Help.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Desktop\revosetup.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Process information set: NOOPENFILEERRORBOX
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-APUB4.tmp\_isetup\_setup64.tmp Jump to dropped file
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl32.DllA\OpenSSL32.DllA\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl32.DllA\
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.revouninstaller.com/free-install-thankyou/
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp Queries volume information: C:\ VolumeInformation

Stealing of Sensitive Information
barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.ico
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag\Slides.ico
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.ico
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf\Sheets.ico
Source: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
13.226.52.129
 script.hotjar.com United States
16509 AMAZON-02US false
31.13.67.35
 unknown Ireland
32934 FACEBOOKUS false
142.250.189.142
 unknown United States
15169 GOOGLEUS false
18.66.255.92
 widget.trustpilot.com United States
3 MIT-GATEWAYSUS false
146.20.152.114
 revouninstaller.com United States
27357 RACKSPACEUS false
146.75.124.157
 platform.twitter.map.fastly.net Sweden
30051 SCCGOVUS false
151.101.129.229
 jsdelivr.map.fastly.net United States
54113 FASTLYUS false
104.71.249.186
 unknown United States
16625 AKAMAI-ASUS false
142.250.217.238
 unknown United States
15169 GOOGLEUS false
157.240.14.35
 star-mini.c10r.facebook.com United States
32934 FACEBOOKUS false
142.250.64.142
 unknown United States
15169 GOOGLEUS false
142.251.35.238
 unknown United States
15169 GOOGLEUS false
142.251.35.234
 unknown United States
15169 GOOGLEUS false
54.145.171.210
 widget-mediator.zopim.com United States
14618 AMAZON-AESUS false
104.18.72.113
 static.zdassets.com United States
13335 CLOUDFLARENETUS false
104.16.200.19
 v2assets.zopim.io United States
13335 CLOUDFLARENETUS false
142.250.217.162
 td.doubleclick.net United States
15169 GOOGLEUS false
108.157.173.76
 static-cdn.hotjar.com United States
16509 AMAZON-02US false
172.253.123.84
 unknown United States
15169 GOOGLEUS false
142.250.189.131
 unknown United States
15169 GOOGLEUS false
192.178.50.67
 unknown United States
15169 GOOGLEUS false
1.1.1.1
 unknown Australia
13335 CLOUDFLARENETUS false
172.217.3.72
 unknown United States
15169 GOOGLEUS false
104.16.53.111
 vsrevogroup.zendesk.com United States
13335 CLOUDFLARENETUS false
142.250.189.132
 www.google.com United States
15169 GOOGLEUS false
142.250.189.138
 unknown United States
15169 GOOGLEUS false
104.18.11.207
 stackpath.bootstrapcdn.com United States
13335 CLOUDFLARENETUS false
142.250.217.174
 analytics.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
104.18.70.113
 ekr.zdassets.com United States
13335 CLOUDFLARENETUS false
173.194.216.156
 stats.g.doubleclick.net United States
15169 GOOGLEUS false
173.194.216.157
 unknown United States
15169 GOOGLEUS false
142.251.35.228
 unknown United States
15169 GOOGLEUS false
192.178.50.40
 unknown United States
15169 GOOGLEUS false
18.66.255.15
 unknown United States
3 MIT-GATEWAYSUS false
142.250.217.195
 unknown United States
15169 GOOGLEUS false
31.13.67.20
 scontent.xx.fbcdn.net Ireland
32934 FACEBOOKUS false
23.22.231.22
 unknown United States
14618 AMAZON-AESUS false
18.66.255.55
 unknown United States
3 MIT-GATEWAYSUS false
142.250.217.170
 unknown United States
15169 GOOGLEUS false

Private

IP
192.168.2.17

Contacted Domains

Name IP Active
stackpath.bootstrapcdn.com 104.18.11.207 true
jsdelivr.map.fastly.net 151.101.129.229 true
star-mini.c10r.facebook.com 157.240.14.35 true
v2assets.zopim.io 104.16.200.19 true
vsrevogroup.zendesk.com 104.16.53.111 true
platform.twitter.map.fastly.net 146.75.124.157 true
stats.g.doubleclick.net 173.194.216.156 true
static.zdassets.com 104.18.72.113 true
scontent.xx.fbcdn.net 31.13.67.20 true
script.hotjar.com 13.226.52.129 true
widget-mediator.zopim.com 54.145.171.210 true
ekr.zdassets.com 104.18.70.113 true
td.doubleclick.net 142.250.217.162 true
analytics.google.com 142.250.217.174 true
www.google.com 142.250.189.132 true
widget.trustpilot.com 18.66.255.92 true
revouninstaller.com 146.20.152.114 true
static-cdn.hotjar.com 108.157.173.76 true
static.ads-twitter.com unknown unknown
www.facebook.com unknown unknown
cdn.jsdelivr.net unknown unknown
f057a20f961f56a72089-b74530d2d26278124f446233f95622ef.ssl.cf1.rackcdn.com unknown unknown
connect.facebook.net unknown unknown
www.revouninstaller.com unknown unknown
static.hotjar.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
about:blank false
  • Avira URL Cloud: safe
 low
https://td.doubleclick.net/td/ga/rul?tid=G-P73P80145H&gacid=1413362299.1714136623&gtm=45je44o0v869118035z871855269za200&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&z=820655299 false
    		high