File name: KeePass-2.56-Setup.exe
Full analysis: https://app.any.run/tasks/92a9bc5b-0910-4f32-b937-3112bb0f7247
Verdict: Malicious activity
Analysis date: May 24, 2025, 14:17:26
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto, generic, inno, installer, delphi, qrcode
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5: 8B386B89E614D3084C1DA3C28E324FB2
SHA1: D2984F9BF8F71CBBED61E44CD4F1E888A8F2A26A
SHA256: 0000CFF6A3C7F7EEBC0EDC3D1E42E454EBB675E57D6FC1FD968952694B1B44B3
SSDEEP: 98304:X6Gavikf8V1TtLDPaCeU1b4JYUr5gg3DqdeKWa4SvVvsThGuoQtEyJg7kXhsTMF0:F8GMOaLKGMpUnUoLduP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GENERIC has been found (auto)

      • KeePass-2.56-Setup.exe (PID: 896)
    • Executing a file with an untrusted certificate

      • KeePass-2.56-Setup.exe (PID: 896)
      • KeePass.exe (PID: 6960)
      • KeePass.exe (PID: 6372)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • KeePass-2.56-Setup.exe (PID: 896)
      • KeePass-2.56-Setup.tmp (PID: 2136)
    • Reads the Windows owner or organization settings

      • KeePass-2.56-Setup.tmp (PID: 2136)
    • Reads Internet Explorer settings

      • rundll32.exe (PID: 6004)
    • Reads the date of Windows installation

      • KeePass.exe (PID: 6372)
    • Uses RUNDLL32.EXE to load library

      • KeePass.exe (PID: 6372)
    • There is functionality for taking screenshot (YARA)

      • KeePass.exe (PID: 6372)
      • KeePass.exe (PID: 6960)
    • Sets XML DOM element text (SCRIPT)

      • rundll32.exe (PID: 6004)
    • Reads Microsoft Outlook installation path

      • rundll32.exe (PID: 6004)
    • Reads security settings of Internet Explorer

      • KeePass.exe (PID: 6372)
  • INFO

    • Create files in a temporary directory

      • KeePass-2.56-Setup.exe (PID: 896)
      • KeePass-2.56-Setup.tmp (PID: 2136)
      • KeePass.exe (PID: 6372)
    • Checks supported languages

      • KeePass-2.56-Setup.tmp (PID: 2136)
      • KeePass-2.56-Setup.exe (PID: 896)
      • KeePass.exe (PID: 6372)
    • Reads the computer name

      • KeePass-2.56-Setup.tmp (PID: 2136)
      • KeePass.exe (PID: 6372)
    • Detects InnoSetup installer (YARA)

      • KeePass-2.56-Setup.exe (PID: 896)
      • KeePass-2.56-Setup.tmp (PID: 2136)
    • Compiled with Borland Delphi (YARA)

      • KeePass-2.56-Setup.exe (PID: 896)
      • KeePass-2.56-Setup.tmp (PID: 2136)
    • Creates files or folders in the user directory

      • KeePass-2.56-Setup.tmp (PID: 2136)
      • rundll32.exe (PID: 6004)
      • explorer.exe (PID: 5492)
    • The sample compiled with german language support

      • KeePass-2.56-Setup.tmp (PID: 2136)
    • The sample compiled with english language support

      • KeePass-2.56-Setup.tmp (PID: 2136)
    • Creates a software uninstall entry

      • KeePass-2.56-Setup.tmp (PID: 2136)
    • Reads the machine GUID from the registry

      • KeePass.exe (PID: 6372)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 5492)
      • rundll32.exe (PID: 6004)
      • printfilterpipelinesvc.exe (PID: 6112)
    • Reads the software policy settings

      • slui.exe (PID: 2316)
    • Reads Microsoft Office registry keys

      • explorer.exe (PID: 5492)
    • Manual execution by a user

      • Acrobat.exe (PID: 3156)
      • Taskmgr.exe (PID: 4696)
      • KeePass.exe (PID: 6960)
      • msedge.exe (PID: 2852)
      • Taskmgr.exe (PID: 4980)
      • msedge.exe (PID: 3192)
    • Application launched itself

      • Acrobat.exe (PID: 3156)
      • msedge.exe (PID: 2852)
      • msedge.exe (PID: 7248)
      • msedge.exe (PID: 8088)
      • AcroCEF.exe (PID: 1240)
    • Process checks computer location settings

      • KeePass.exe (PID: 6372)
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:02:12 05:53:16+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 684032
InitializedDataSize: 159744
UninitializedDataSize: -
EntryPoint: 0xa7f98
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Dominik Reichl
FileDescription: KeePass Password Safe 2 Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: KeePass Password Safe 2
ProductVersion: 2.56.0.0
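The EXIF block above is a straight read of the PE headers: MachineType, TimeStamp and ImageFileCharacteristics come from the COFF file header, and PEType, LinkerVersion, CodeSize, InitializedDataSize, EntryPoint, OSVersion, SubsystemVersion and Subsystem from the optional header (a "-" in the report is a zero field). The module list for PID 896 further down (wow64.dll, syswow64\kernel32.dll) is what a PE32 image looks like when it runs under WOW64 on the 64-bit guest. The parser below is an added example and is not part of the ANY.RUN report or of KeePass; it reads those fields with nothing but struct and is exercised on a constructed minimal header whose values are set to this report's (the sample itself is not embedded). For a real file, pass its bytes to parse_pe_header and run compare_with_report: any mismatch means the file on your desk is not the one that was analysed.

```python
import struct
from datetime import datetime, timezone

# Field names spelled the way ANY.RUN's EXIF block prints them.
MACHINE_NAMES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}
CHARACTERISTIC_FLAGS = [(0x0002, "Executable"), (0x0020, "Large address aware"),
                        (0x0100, "32-bit"), (0x2000, "DLL")]

# Expected values copied from the EXIF block of this report ("-" read as 0).
REPORTED = {
    "MachineType": "Intel 386 or later, and compatibles",
    "NumberOfSections": 11,
    "TimeStamp": "2025:02:12 05:53:16+00:00",
    "ImageFileCharacteristics": "Executable, 32-bit",
    "PEType": "PE32",
    "LinkerVersion": "2.25",
    "CodeSize": 684032,
    "InitializedDataSize": 159744,
    "UninitializedDataSize": 0,
    "EntryPoint": "0xa7f98",
    "OSVersion": "6.1",
    "SubsystemVersion": "6.1",
    "Subsystem": "Windows GUI",
}


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and optional-header fields that the EXIF block reports."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_code, size_idata, size_udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    # Offsets 40..51 (OS/Image/Subsystem versions) and 68 (Subsystem) are identical for
    # PE32 and PE32+: PE32+ drops BaseOfData but widens ImageBase to 8 bytes.
    os_major, os_minor, _img_major, _img_minor, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "MachineType": MACHINE_NAMES.get(machine, f"{machine:#x}"),
        "NumberOfSections": nsections,
        "TimeStamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(name for bit, name in CHARACTERISTIC_FLAGS if chars & bit),
        "PEType": "PE32" if magic == 0x10B else "PE32+",
        "LinkerVersion": f"{lnk_major}.{lnk_minor}",
        "CodeSize": size_code,
        "InitializedDataSize": size_idata,
        "UninitializedDataSize": size_udata,
        "EntryPoint": hex(entry),
        "OSVersion": f"{os_major}.{os_minor}",
        "SubsystemVersion": f"{ss_major}.{ss_minor}",
        "Subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def compare_with_report(parsed: dict, reported: dict) -> dict:
    """Return {field: (parsed, reported)} for every field that disagrees; empty means a match."""
    return {k: (parsed.get(k), v) for k, v in reported.items() if parsed.get(k) != v}


def build_sample_pe() -> bytes:
    """Constructed 32-bit PE header (DOS stub + COFF + optional header, no sections) carrying
    the values from this report. This is synthetic test input, not the analysed file."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    # 1739339596 is 2025-02-12 05:53:16 UTC; 0x0102 = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x014C, 11, 1739339596, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 2, 25, 684032, 159744, 0, 0xA7F98)
    struct.pack_into("<HHHHHH", opt, 40, 6, 1, 0, 0, 6, 1)       # OS 6.1, Image 0.0, Subsystem 6.1
    struct.pack_into("<H", opt, 68, 2)                            # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    for key, value in info.items():
        print(f"{key}: {value}")
    print("mismatches:", compare_with_report(info, REPORTED))
```

To check a downloaded copy, replace build_sample_pe() with open(path, "rb").read(); the hashes at the top of the report are the stronger identity check, but the header fields catch a swapped build (different linker, timestamp or entry point) even when you only have a screenshot of the report.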
No data.
All screenshots are available in the full report
Total processes: 238
Monitored processes: 99
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Rendered only in the full report. Node list as exported, in order ("no specs" marks a process that triggered no signatures): start, keepass-2.56-setup.exe, keepass-2.56-setup.tmp, sppextcomobj.exe (no specs), slui.exe (no specs), keepass.exe (no specs), rundll32.exe (no specs), slui.exe, printfilterpipelinesvc.exe (no specs), acrobat.exe x2 (no specs), acrocef.exe x9 (one with signatures), taskmgr.exe x2 (one with signatures), rundll32.exe (no specs), keepass.exe (no specs), msedge.exe (dozens of browser child processes, a handful with signatures), identity_helper.exe x4 (no specs), explorer.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 208
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=6224 --field-trial-handle=2308,i,712139893032382636,10266069107008921677,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 616
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 644
CMD: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2936 --field-trial-handle=1600,i,12204136565930956641,10590964321355270089,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Parent process: AcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 732
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 896
CMD: "C:\Users\admin\Downloads\KeePass-2.56-Setup.exe"
Path: C:\Users\admin\Downloads\KeePass-2.56-Setup.exe
Parent process: explorer.exe
User:
admin
Company:
Dominik Reichl
Integrity Level:
MEDIUM
Description:
KeePass Password Safe 2 Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\downloads\keepass-2.56-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 904
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6240 --field-trial-handle=2348,i,4532626981613089239,8438254815862764096,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 976
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2472 --field-trial-handle=2388,i,13265085479937771891,8503299514170674892,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1228
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5516 --field-trial-handle=2388,i,13265085479937771891,8503299514170674892,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1240
CMD: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16514043
Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Parent process: Acrobat.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1300
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
Total events: 63 625
Read events: 62 949
Write events: 637
Delete events: 39

Modification events

PID 5492 explorer.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\5\ApplicationViewManagement\W32:0000000000050312 | Operation: write | Name: VirtualDesktop | Value: 1000000030304456BFA0DB55E4278845B426357D5B5F97B3
PID 5492 explorer.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\5\ApplicationViewManagement\W32:0000000000050312 | Operation: delete key | Name: (default) | Value: (none)
PID 5492 explorer.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\5\ApplicationViewManagement\W32:0000000000070312 | Operation: write | Name: VirtualDesktop | Value: 1000000030304456BFA0DB55E4278845B426357D5B5F97B3
PID 2136 KeePass-2.56-Setup.tmp | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{535843DD-6709-48E3-9255-3E8CC7BCC4C6}_is1 | Operation: write | Name: Inno Setup: Setup Version | Value: 6.4.1
PID 2136 KeePass-2.56-Setup.tmp | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{535843DD-6709-48E3-9255-3E8CC7BCC4C6}_is1 | Operation: write | Name: Inno Setup: App Path | Value: C:\Users\admin\AppData\Local\KeePass Password Safe 2
PID 2136 KeePass-2.56-Setup.tmp | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{535843DD-6709-48E3-9255-3E8CC7BCC4C6}_is1 | Operation: write | Name: InstallLocation | Value: C:\Users\admin\AppData\Local\KeePass Password Safe 2\
PID 2136 KeePass-2.56-Setup.tmp | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{535843DD-6709-48E3-9255-3E8CC7BCC4C6}_is1 | Operation: write | Name: Inno Setup: Icon Group | Value: KeePass Password Safe 2
PID 2136 KeePass-2.56-Setup.tmp | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{535843DD-6709-48E3-9255-3E8CC7BCC4C6}_is1 | Operation: write | Name: Inno Setup: User | Value: admin
PID 2136 KeePass-2.56-Setup.tmp | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{535843DD-6709-48E3-9255-3E8CC7BCC4C6}_is1 | Operation: write | Name: Inno Setup: Selected Tasks | Value: (empty)
PID 2136 KeePass-2.56-Setup.tmp | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{535843DD-6709-48E3-9255-3E8CC7BCC4C6}_is1 | Operation: write | Name: Inno Setup: Deselected Tasks | Value: desktopicon

The uninstall entry lives under HKEY_CURRENT_USER and the install location is inside the user's AppData\Local, i.e. the installer ran as a per-user (non-elevated) install.
Executable files: 63
Suspicious files: 925
Text files: 371
Unknown types: 0

Dropped files

PID | Process | Filename | Type (MD5 / SHA256 on the following lines)
896 | KeePass-2.56-Setup.exe | C:\Users\admin\AppData\Local\Temp\is-7G9GN.tmp\KeePass-2.56-Setup.tmp | executable
    MD5: 40F59A2EEB368B4F648D124A33488090
    SHA256: 7C0F28081FE308EFB3ACF93F542F1A74F028BBAC16890E1E1A8AD977FF2C4835
2136 | KeePass-2.56-Setup.tmp | C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-A98A0.tmp | executable
    MD5: D62454972C2448BA756B4C1D2A336798
    SHA256: B51DC9CA6F6029A799491BD9B8DA18C9D9775116142CEDABE958C8BCEC96A0F0
2136 | KeePass-2.56-Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-D1OLT.tmp\_isetup\_setup64.tmp | executable
    MD5: E4211D6D009757C078A9FAC7FF4F03D4
    SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
5492 | explorer.exe | C:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat | binary
    MD5: E49C56350AEDF784BFE00E444B879672
    SHA256: A8BD235303668981563DFB5AAE338CB802817C4060E2C199B7C84901D57B7E1E
2136 | KeePass-2.56-Setup.tmp | C:\Users\admin\AppData\Local\KeePass Password Safe 2\unins000.exe | executable
    MD5: A26B572C6390211C1C1D22E3B72E0D2C
    SHA256: C99DAE26F0F2E539D59FD493EEA2A86AD01006EB65392430DBD9DE8C30467918
2136 | KeePass-2.56-Setup.tmp | C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-LLLB4.tmp | binary
    MD5: 39AF0D86B85C2E2EE886A8322E7030AE
    SHA256: 074A6E78D5D1F813A2B66B1B062FA9AE77EFCCCF871B2694E127A61512974D18
2136 | KeePass-2.56-Setup.tmp | C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-3JJGQ.tmp | xml
    MD5: AC0F1E104F82D295C27646BFFF39FECC
    SHA256: C4A3626BBCDFE4B17759E75582AD5F89BEAA28EFC857431F373E104FBE7B8440
2136 | KeePass-2.56-Setup.tmp | C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-72A3N.tmp | executable
    MD5: A26B572C6390211C1C1D22E3B72E0D2C
    SHA256: C99DAE26F0F2E539D59FD493EEA2A86AD01006EB65392430DBD9DE8C30467918
2136 | KeePass-2.56-Setup.tmp | C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-SAAFK.tmp | image
    MD5: CFE840B3366BE24AEA4DAD5D0104AE85
    SHA256: 300F547D1E37992ED005F81497369B7EDF42F60A86ED923821AC9B88899C232E
2136 | KeePass-2.56-Setup.tmp | C:\Users\admin\AppData\Local\KeePass Password Safe 2\db.idx | image
    MD5: CFE840B3366BE24AEA4DAD5D0104AE85
    SHA256: 300F547D1E37992ED005F81497369B7EDF42F60A86ED923821AC9B88899C232E
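Every dropped file the report attributes to the sample's own PIDs (896 and 2136) falls into one of three places that are ordinary Inno Setup behaviour: the installer's unpack directory under %TEMP%\is-XXXXX.tmp\ (the .tmp second stage and the _isetup\_setup64.tmp helper), the install directory under a temporary is-XXXXX.tmp name, or the install directory under a final name (unins000.exe, db.idx). The one remaining entry, DiscoverCacheData.dat, was written by explorer.exe (PID 5492), which is not in the sample's process tree. Two SHA256 values appear twice, once under a temporary name and once under a final name (is-72A3N.tmp / unins000.exe and is-SAAFK.tmp / db.idx), which is consistent with Inno writing each file under a temporary name and renaming it into place. The triage below is an added example, not ANY.RUN's or KeePass's code: the rows are copied from the table above, while the path patterns, the sample PID set and the install directory (taken from the InstallLocation registry write) are my assumptions. Anything that lands in the "unexplained" bucket is what deserves a closer look; on this report that bucket is empty.

```python
import re
from collections import defaultdict

# Rows copied from the "Dropped files" table above: (pid, process, path, type, sha256).
DROPPED = [
    (896,  "KeePass-2.56-Setup.exe", r"C:\Users\admin\AppData\Local\Temp\is-7G9GN.tmp\KeePass-2.56-Setup.tmp", "executable", "7C0F28081FE308EFB3ACF93F542F1A74F028BBAC16890E1E1A8AD977FF2C4835"),
    (2136, "KeePass-2.56-Setup.tmp", r"C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-A98A0.tmp", "executable", "B51DC9CA6F6029A799491BD9B8DA18C9D9775116142CEDABE958C8BCEC96A0F0"),
    (2136, "KeePass-2.56-Setup.tmp", r"C:\Users\admin\AppData\Local\Temp\is-D1OLT.tmp\_isetup\_setup64.tmp", "executable", "388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95"),
    (5492, "explorer.exe", r"C:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat", "binary", "A8BD235303668981563DFB5AAE338CB802817C4060E2C199B7C84901D57B7E1E"),
    (2136, "KeePass-2.56-Setup.tmp", r"C:\Users\admin\AppData\Local\KeePass Password Safe 2\unins000.exe", "executable", "C99DAE26F0F2E539D59FD493EEA2A86AD01006EB65392430DBD9DE8C30467918"),
    (2136, "KeePass-2.56-Setup.tmp", r"C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-LLLB4.tmp", "binary", "074A6E78D5D1F813A2B66B1B062FA9AE77EFCCCF871B2694E127A61512974D18"),
    (2136, "KeePass-2.56-Setup.tmp", r"C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-3JJGQ.tmp", "xml", "C4A3626BBCDFE4B17759E75582AD5F89BEAA28EFC857431F373E104FBE7B8440"),
    (2136, "KeePass-2.56-Setup.tmp", r"C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-72A3N.tmp", "executable", "C99DAE26F0F2E539D59FD493EEA2A86AD01006EB65392430DBD9DE8C30467918"),
    (2136, "KeePass-2.56-Setup.tmp", r"C:\Users\admin\AppData\Local\KeePass Password Safe 2\is-SAAFK.tmp", "image", "300F547D1E37992ED005F81497369B7EDF42F60A86ED923821AC9B88899C232E"),
    (2136, "KeePass-2.56-Setup.tmp", r"C:\Users\admin\AppData\Local\KeePass Password Safe 2\db.idx", "image", "300F547D1E37992ED005F81497369B7EDF42F60A86ED923821AC9B88899C232E"),
]

# Assumptions taken from this report: the sample's process tree and the InstallLocation registry value.
SAMPLE_PIDS = {896, 2136, 6372, 6960}
INSTALL_DIR = r"C:\Users\admin\AppData\Local\KeePass Password Safe 2"

# Inno Setup staging directory under %TEMP% and the temporary name Inno gives a file before renaming it.
INNO_STAGE = re.compile(r"\\AppData\\Local\\Temp\\is-[A-Z0-9]{5}\.tmp\\", re.I)
INNO_TEMP_NAME = re.compile(r"\\is-[A-Z0-9]{5}\.tmp$", re.I)


def classify(rec, sample_pids=SAMPLE_PIDS, install_dir=INSTALL_DIR) -> str:
    """Bucket one dropped-file row; 'unexplained' is the bucket an analyst should read first."""
    pid, _process, path, _ftype, _sha256 = rec
    if pid not in sample_pids:
        return "unrelated_process"          # written by something outside the sample's tree
    if INNO_STAGE.search(path):
        return "inno_stage"                 # installer unpacking itself / its helpers under %TEMP%
    if path.lower().startswith(install_dir.lower() + "\\"):
        if INNO_TEMP_NAME.search(path):
            return "inno_temp_name"         # payload written under a temporary name in the install dir
        if path.rsplit("\\", 1)[1].lower() == "unins000.exe":
            return "uninstaller"
        return "installed"                  # final file name inside the install dir
    return "unexplained"                    # sample-tree write outside both expected locations


def triage(records) -> dict:
    """Map bucket -> list of paths, in table order."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[classify(rec)].append(rec[2])
    return dict(buckets)


def rename_pairs(records) -> list:
    """(temporary path, final path) pairs that share a SHA256: Inno's write-then-rename pattern."""
    by_hash = defaultdict(list)
    for rec in records:
        by_hash[rec[4]].append(rec[2])
    pairs = []
    for paths in by_hash.values():
        temps = [p for p in paths if INNO_TEMP_NAME.search(p)]
        finals = [p for p in paths if not INNO_TEMP_NAME.search(p)]
        pairs.extend((t, f) for t in temps for f in finals)
    return pairs


if __name__ == "__main__":
    for bucket, paths in triage(DROPPED).items():
        print(f"{bucket}: {len(paths)}")
    for temp, final in rename_pairs(DROPPED):
        print(f"renamed: {temp} -> {final}")
```

An executable dropped by a sample PID anywhere other than the %TEMP% stage or the install directory (a Startup folder, ProgramData, another user's profile) would land in "unexplained"; that, not the sheer count of "suspicious files", is the signal worth escalating from this table.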
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 10
TCP/UDP connections: 190
DNS requests: 221
Threats: 19

HTTP requests

Columns as exported: PID, Process, Method, HTTP Code, IP, URL, CN, Type, Size, Reputation. The export carries eight values per row; the "unknown" cell is reproduced as exported, and two rows have no PID/process.

2924 SearchApp.exe | GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
3096 SIHClient.exe | GET 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
5492 explorer.exe | GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
5492 explorer.exe | GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | whitelisted
2924 SearchApp.exe | GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
5492 explorer.exe | GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAXB9910exr3msQnoVqLZK4%3D | unknown | whitelisted
(no PID/process) | GET 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
(no PID/process) | GET 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6544 svchost.exe | GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
3096 SIHClient.exe | GET 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
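All ten HTTP requests are certificate-status traffic: OCSP GETs to ocsp.digicert.com and CRL downloads from crl.microsoft.com and www.microsoft.com, issued by Windows components (SearchApp.exe, SIHClient.exe, explorer.exe, svchost.exe) or, for two rows, by a process the export does not name. None of the attributed requests comes from the sample's own processes (PIDs 896, 2136, 6372, 6960), so the MALICIOUS verdict above rests on the automatic GENERIC tag and the untrusted-certificate signature, not on any observed command-and-control. An OCSP GET (RFC 6960, appendix A) carries the base64 DER OCSPRequest in the URL path, so the table also tells you which certificates the guest was checking: each CertID holds the hash algorithm, the issuer name hash, the issuer key hash and the serial number of the certificate in question. The code below is an added example and not part of the ANY.RUN report: the rows are copied from the table above, the "ocsp." host-prefix heuristic and the sample PID set are assumptions, and the DER walker handles only what an OCSPRequest needs (no indefinite lengths, which DER forbids anyway).

```python
import base64
import urllib.parse

# Rows copied from the "HTTP requests" table above: (pid, process, method, status, ip:port, url).
# The two rows the export shows without a PID/process are carried as None.
HTTP_ROWS = [
    (2924, "SearchApp.exe", "GET", 200, "2.17.190.73:80", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D"),
    (3096, "SIHClient.exe", "GET", 200, "23.35.229.160:80", "http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl"),
    (5492, "explorer.exe", "GET", 200, "2.17.190.73:80", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D"),
    (5492, "explorer.exe", "GET", 200, "2.17.190.73:80", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D"),
    (2924, "SearchApp.exe", "GET", 200, "2.17.190.73:80", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D"),
    (5492, "explorer.exe", "GET", 200, "2.17.190.73:80", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAXB9910exr3msQnoVqLZK4%3D"),
    (None, None, "GET", 200, "23.216.77.6:80", "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (None, None, "GET", 200, "23.35.229.160:80", "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    (6544, "svchost.exe", "GET", 200, "2.17.190.73:80", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"),
    (3096, "SIHClient.exe", "GET", 200, "23.35.229.160:80", "http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl"),
]
SAMPLE_PIDS = {896, 2136, 6372, 6960}   # assumption: the sample's tree is exactly the PIDs the report lists for it
OID_NAMES = {"2b0e03021a": "sha1", "608648016503040201": "sha256"}


def der_read(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value, position after it). Short and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_ocsp_get(url: str) -> list:
    """Decode the base64 OCSPRequest in an RFC 6960 GET URL and return its CertIDs."""
    path = urllib.parse.unquote(urllib.parse.urlsplit(url).path.lstrip("/"))
    der = base64.b64decode(path)
    _, ocsp_request, _ = der_read(der, 0)            # OCSPRequest ::= SEQUENCE { tbsRequest, [0] signature OPTIONAL }
    _, tbs, _ = der_read(ocsp_request, 0)             # TBSRequest ::= SEQUENCE { [0] version, [1] requestorName, requestList, [2] exts }
    pos, request_list = 0, b""
    while pos < len(tbs):
        tag, value, pos = der_read(tbs, pos)
        if tag == 0x30:                               # first universal SEQUENCE inside TBSRequest is requestList
            request_list = value
            break
    cert_ids, pos = [], 0
    while pos < len(request_list):
        _, request, pos = der_read(request_list, pos)  # Request ::= SEQUENCE { reqCert CertID, [0] exts OPTIONAL }
        _, cert_id, _ = der_read(request, 0)
        _, alg, p = der_read(cert_id, 0)              # AlgorithmIdentifier ::= SEQUENCE { OID, parameters }
        _, oid, _ = der_read(alg, 0)
        _, name_hash, p = der_read(cert_id, p)        # issuerNameHash OCTET STRING
        _, key_hash, p = der_read(cert_id, p)         # issuerKeyHash  OCTET STRING
        _, serial, p = der_read(cert_id, p)           # serialNumber   INTEGER (raw content octets)
        cert_ids.append({"hash_alg": OID_NAMES.get(oid.hex(), oid.hex()),
                         "issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hash.hex(),
                         "serial": serial.hex()})
    return cert_ids


def classify_url(url: str) -> str:
    """'crl' for CRL downloads, 'ocsp' for hosts named ocsp.* (heuristic), otherwise 'other'."""
    parts = urllib.parse.urlsplit(url)
    if parts.path.lower().endswith(".crl"):
        return "crl"
    if parts.hostname and parts.hostname.lower().startswith("ocsp."):
        return "ocsp"
    return "other"


def summarize_http(rows, sample_pids=SAMPLE_PIDS) -> dict:
    """Attribute each request to the sample tree or not, and separate PKI upkeep from everything else."""
    summary = {"from_sample": [], "pki_maintenance": 0, "other": [], "unattributed": 0}
    for pid, process, _method, _status, _ip, url in rows:
        if pid is None:
            summary["unattributed"] += 1
        elif pid in sample_pids:
            summary["from_sample"].append((pid, process, url))
        if classify_url(url) in ("ocsp", "crl"):
            summary["pki_maintenance"] += 1
        else:
            summary["other"].append((pid, process, url))
    return summary


if __name__ == "__main__":
    print(summarize_http(HTTP_ROWS))
    for pid, process, *_rest, url in HTTP_ROWS:
        if classify_url(url) == "ocsp":
            print(pid, process, parse_ocsp_get(url)[0]["serial"])
```

The "other" list is where a beaconing sample would show up; here it is empty, and "from_sample" is empty as well. The decoded serials identify which certificates the guest was revocation-checking; matching an issuer key hash against the chain of the sample's own Authenticode signature would tell you whether any of these lookups were triggered by the sample at all (none of the attributed ones were, since they came from Windows processes).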

Connections

PID | Process | IP | Domain | ASN | CN | Reputation ("-" where the export has no value)
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2104 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2112 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3216 | svchost.exe | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6544 | svchost.exe | 20.190.160.128:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
google.com
  • 172.217.16.206
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.160.128
  • 20.190.160.22
  • 20.190.160.67
  • 20.190.160.66
  • 20.190.160.132
  • 20.190.160.5
  • 40.126.32.136
  • 20.190.160.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted

Threats

PID | Process | Class | Message (repeated alerts collapsed with a count)
2796 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] An application monitoring request to sentry .io (x2)
7480 | msedge.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt (x7)
7480 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)

All listed alerts belong to msedge.exe, which the report records as launched manually by the user during the session, not to the sample's processes.
No debug info