File name: Kontur.Dostup.Abonent.exe
Full analysis: https://app.any.run/tasks/5eacbcad-56be-4b46-a39c-917bdd5efaf6
Verdict: Malicious activity
Analysis date: September 03, 2024, 10:54:33
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: BD1BD32FA2D232F4E5AEF1625BFBCF06
SHA1: BA926EA85239E81C0C6B0E0BF6DDA2D128834566
SHA256: 3120144FCF19C15CB1B480F2007CE0C7816C2068D38E138D74AD606BB9FBD3CE
SSDEEP: 98304:eubes+AssxXmByVHv16bFRXMSlEXvEy9701TZuGXn8YuDJQEHePCrPQW8un/8BE2:VXnuip5cX1f

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • kontur.updater.exe (PID: 5476)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • Kontur.Dostup.Abonent.exe (PID: 2068)
      • nsistmp.exe (PID: 2228)
      • kontur.updater.exe (PID: 5476)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Kontur.Dostup.Abonent.exe (PID: 2068)
      • nsistmp.exe (PID: 2228)
      • kontur.updater.exe (PID: 5476)
    • Reads security settings of Internet Explorer

      • Kontur.Dostup.Abonent.exe (PID: 2068)
      • nsistmp.exe (PID: 2228)
      • Kontur.Dostup.Abonent.exe (PID: 6656)
    • Executable content was dropped or overwritten

      • Kontur.Dostup.Abonent.exe (PID: 2068)
      • nsistmp.exe (PID: 2228)
      • kontur.updater.exe (PID: 5476)
    • Potential Corporate Privacy Violation

      • Kontur.Dostup.Abonent.exe (PID: 2068)
    • Checks Windows Trust Settings

      • Kontur.Dostup.Abonent.exe (PID: 2068)
    • Reads the date of Windows installation

      • Kontur.Dostup.Abonent.exe (PID: 6656)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 7080)
    • Application launched itself

      • Kontur.Dostup.Abonent.exe (PID: 6656)
      • Kontur.Dostup.Abonent.exe (PID: 2096)
      • session.server.exe (PID: 4076)
    • Executes as Windows Service

      • Kontur.Dostup.Abonent.exe (PID: 2096)
  • INFO

    • Checks supported languages

      • Kontur.Dostup.Abonent.exe (PID: 2068)
      • nsistmp.exe (PID: 2228)
      • Kontur.Dostup.Abonent.exe (PID: 6656)
      • kontur.updater.exe (PID: 5476)
      • Kontur.Dostup.Abonent.exe (PID: 2096)
      • Kontur.Dostup.Abonent.exe (PID: 5888)
      • session.server.exe (PID: 4076)
      • kontur.dostup.session.host.exe (PID: 2520)
      • Kontur.Dostup.Abonent.exe (PID: 6252)
      • session.server.exe (PID: 1168)
    • Creates files or folders in the user directory

      • Kontur.Dostup.Abonent.exe (PID: 2068)
      • nsistmp.exe (PID: 2228)
      • kontur.updater.exe (PID: 5476)
      • session.server.exe (PID: 1168)
      • kontur.dostup.session.host.exe (PID: 2520)
    • Checks proxy server information

      • Kontur.Dostup.Abonent.exe (PID: 2068)
    • Reads the computer name

      • Kontur.Dostup.Abonent.exe (PID: 2068)
      • nsistmp.exe (PID: 2228)
      • kontur.updater.exe (PID: 5476)
      • Kontur.Dostup.Abonent.exe (PID: 6656)
      • Kontur.Dostup.Abonent.exe (PID: 2096)
      • Kontur.Dostup.Abonent.exe (PID: 5888)
      • session.server.exe (PID: 4076)
      • Kontur.Dostup.Abonent.exe (PID: 6252)
      • kontur.dostup.session.host.exe (PID: 2520)
      • session.server.exe (PID: 1168)
    • Reads the software policy settings

      • Kontur.Dostup.Abonent.exe (PID: 2068)
    • Create files in a temporary directory

      • Kontur.Dostup.Abonent.exe (PID: 2068)
      • nsistmp.exe (PID: 2228)
      • kontur.updater.exe (PID: 5476)
    • Reads the machine GUID from the registry

      • Kontur.Dostup.Abonent.exe (PID: 2068)
      • Kontur.Dostup.Abonent.exe (PID: 5888)
      • session.server.exe (PID: 4076)
    • Process checks whether UAC notifications are on

      • Kontur.Dostup.Abonent.exe (PID: 6656)
      • Kontur.Dostup.Abonent.exe (PID: 6252)
      • Kontur.Dostup.Abonent.exe (PID: 5888)
      • Kontur.Dostup.Abonent.exe (PID: 2096)
    • Reads Environment values

      • kontur.updater.exe (PID: 5476)
    • The process uses the downloaded file

      • Kontur.Dostup.Abonent.exe (PID: 6656)
    • Process checks computer location settings

      • Kontur.Dostup.Abonent.exe (PID: 6656)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:11:21+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 29184
InitializedDataSize: 195072
UninitializedDataSize: 2048
EntryPoint: 0x39b6
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 4.9.0.4651
ProductVersionNumber: 4.9.0.4651
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: SKB Kontur remote control tool
CompanyName: PF SKB Kontur AO
FileDescription: Kontur.Dostup Abonent
FileVersion: 4.9.0.4651
InternalName: Kontur.Dostup Abonent
LegalCopyright: (C) 2021-2024 PF SKB Kontur AO
OriginalFileName: Kontur.Dostup.Abonent.exe
ProductName: Kontur.Dostup Abonent
ProductVersion: 4.9.0.4651
No data.
All screenshots are available in the full report
Total processes: 142
Monitored processes: 15
Malicious processes: 2
Suspicious processes: 2


Process information

PID
CMD
Path
Indicators
Parent process
PID: 1168
CMD: "C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\components\session.server.exe" -controlapp -slave -pipeid=00000191B785F616
Path: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\components\session.server.exe
Parent process: session.server.exe
User: admin
Company: PF SKB Kontur AO
Integrity Level: MEDIUM
Description: Kontur.Dostup - Abonent
Version: 4.9.0.4809
Modules
Images
c:\users\admin\appdata\local\skbkontur\kontur.dostup\4.9.0.4809\components\session.server.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1700
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: kontur.dostup.session.host.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2068
CMD: "C:\Users\admin\AppData\Local\Temp\Kontur.Dostup.Abonent.exe"
Path: C:\Users\admin\AppData\Local\Temp\Kontur.Dostup.Abonent.exe
Parent process: explorer.exe
User: admin
Company: PF SKB Kontur AO
Integrity Level: MEDIUM
Description: Kontur.Dostup Abonent
Exit code: 0
Version: 4.9.0.4651
Modules
Images
c:\users\admin\appdata\local\temp\kontur.dostup.abonent.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2096
CMD: "C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\Kontur.Dostup.Abonent.exe" SessionID=1 RunAsAdmin=1 /ClearOldVersions=4.9.0.4651
Path: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\Kontur.Dostup.Abonent.exe
Parent process: services.exe
User: SYSTEM
Company: PF SKB Kontur AO
Integrity Level: SYSTEM
Description: Kontur.Dostup - Abonent
Exit code: 0
Version: 4.9.0.4809
Modules
Images
c:\users\admin\appdata\local\skbkontur\kontur.dostup\4.9.0.4809\kontur.dostup.abonent.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 2228
CMD: "C:\Users\admin\AppData\Local\Temp\nsistmp.exe" /noupdate
Path: C:\Users\admin\AppData\Local\Temp\nsistmp.exe
Parent process: Kontur.Dostup.Abonent.exe
User: admin
Company: PF SKB Kontur AO
Integrity Level: MEDIUM
Description: Kontur.Dostup Abonent
Exit code: 0
Version: 4.9.0.4809
Modules
Images
c:\users\admin\appdata\local\temp\nsistmp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2520
CMD: "C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\components\kontur.dostup.session.host.exe" session-id=1
Path: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\components\kontur.dostup.session.host.exe
Parent process: Kontur.Dostup.Abonent.exe
User: SYSTEM
Company: PF SKB Kontur AO
Integrity Level: SYSTEM
Description: Kontur.Dostup - Abonent
Version: 4.9.0.4809
Modules
Images
c:\users\admin\appdata\local\skbkontur\kontur.dostup\4.9.0.4809\components\kontur.dostup.session.host.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 3036
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3900
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4076
CMD: "C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\components\session.server.exe" -system -pipeid=00000191B785F616
Path: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\components\session.server.exe
Parent process: Kontur.Dostup.Abonent.exe
User: SYSTEM
Company: PF SKB Kontur AO
Integrity Level: SYSTEM
Description: Kontur.Dostup - Abonent
Version: 4.9.0.4809
Modules
Images
c:\users\admin\appdata\local\skbkontur\kontur.dostup\4.9.0.4809\components\session.server.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 5476
CMD: "C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\kontur.updater.exe" /S
Path: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4809\kontur.updater.exe
Parent process: nsistmp.exe
User: admin
Company: PF SKB Kontur AO
Integrity Level: MEDIUM
Description: Kontur.Autoupdate 1.3.0.267
Exit code: 0
Version: 1.3.0.267
Modules
Images
c:\users\admin\appdata\local\skbkontur\kontur.dostup\4.9.0.4809\kontur.updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events: 19 166
Read events: 18 862
Write events: 304
Delete events: 0

Modification events

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: aeffc5056d9678f340814a7be28b70bdc22be5c432918fb3381a6c86e0f1c89f
Value: 4.9.0.4651

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: 3fa277fbedee19eb9bcf41026e3885fcf3dfae640d914960b96ed3e709d1ba01
Value: 4.9.0.4651

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: 998de96919e02ed6604976b63489a787b1cfcbd30568f2f7b704a8b2fe13f414
Value: 4.9.0.4651

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: 8b39c30bcea7417f25d328ec039da975c77c107d640445a51257c4a9efa3fb1b
Value: 4.9.0.4651

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: 841357de4541f587c05b795cf5a3ae01ad0d9bf38cc7b6b0d5edada67a3b8045
Value: 4.9.0.4651

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: f5d1b0f5821e91ee4234daa88db36de7d981f4eb1fb487986a7e877af16bee29
Value: 4.9.0.4651

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (2068) Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files: 28
Suspicious files: 8
Text files: 7
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 2068
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsyA08F.tmp\UserInfo.dll
Type: executable
MD5: D458B8251443536E4A334147E0170E95
SHA256: 4913D4CCCF84CD0534069107CFF3E8E2F427160CAD841547DB9019310AC86CC7

PID: 2068
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DD76941B08ECB69B450D4C1AE579DB94_E6C7AE5F0D228B8B38E473D483E9A6FC
Type: binary
MD5: FAA73BC0CD09314AA38A164863121C9E
SHA256: 63EA9143CA0EC0F837FC960E76BBB13650D0D1FAB94B4B4307C87D57FD6789A3

PID: 2228
Process: nsistmp.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfB3C8.tmp\hookldr.exe
Type: executable
MD5: 8FF1F97E885208FB9390FA55CB02DE46
SHA256: F6F1BF2EF1EA165B24187314436C09538F442DCD593DC5C0028860D6B515B259

PID: 2068
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DD76941B08ECB69B450D4C1AE579DB94_E6C7AE5F0D228B8B38E473D483E9A6FC
Type: der
MD5: B46D8FA54253941776C3A70EA692EA4C
SHA256: 2CA2437C27C863F203AFA7FAF61CC9F7C330C7F23CC246053908464E9D14A718

PID: 2068
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsyA08F.tmp\Updater.dll
Type: executable
MD5: E479C83750581C36108F539FF0A28568
SHA256: 81BEE513D6DB0139D9B69E301B140CD88590EB57AF29FBB17CE83046E0C22847

PID: 2068
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsistmp.exe
Type: executable
MD5: 75EC461E3E8335F346059BF1139B2223
SHA256: CBF1B995D779AB921BC514F9DF54B471D8B7F45E7E8BB3EE76382F115738B0D3

PID: 2068
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\Updater.log
Type: text
MD5: FE04DA548A52C80C8AC3AC4F072665CD
SHA256: 021E73F681546773DA83067B4B0422D2F4A641A6D77259FF97846267DFC60C9B

PID: 2228
Process: nsistmp.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfB3C8.tmp\Updater.dll
Type: executable
MD5: E479C83750581C36108F539FF0A28568
SHA256: 81BEE513D6DB0139D9B69E301B140CD88590EB57AF29FBB17CE83046E0C22847

PID: 2068
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_005284E085E122BD76B51F33745F7753
Type: binary
MD5: AFFBCCCD1EA26E10414ED3640F14B930
SHA256: E7DECE43C01B73AB11B69C42D63CCCAA7CFDF90B10ADCBCD4E861515A4428A33

PID: 2068
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_005284E085E122BD76B51F33745F7753
Type: der
MD5: E7BE74BB8DEDED18D599A164B7265710
SHA256: C35276A4E57C1DA5C58969833D111A741BD8CAE95C20AC9448A286FA734C8F89
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 35
DNS requests: 17
Threats: 2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2068
Kontur.Dostup.Abonent.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gsgccr3dvtlsca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQoKOHJRQbCE%2B3DXqwFiztBxLYdhwQUDZjAc3%2Brvb3ZR0tJrQpKDKw%2Bx3wCDC%2FidyW6Xo1L8DH%2F1A%3D%3D
unknown
whitelisted
2068
Kontur.Dostup.Abonent.exe
GET
200
104.18.20.226:80
http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHe9DgdC1dnp0EnXdNAqb5o%3D
unknown
whitelisted
3716
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7076
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7076
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
5796
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6412
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2068
Kontur.Dostup.Abonent.exe
46.17.203.51:443
help.kontur.ru
JSC SKB Kontur production
RU
whitelisted
2068
Kontur.Dostup.Abonent.exe
104.18.20.226:80
ocsp2.globalsign.com
CLOUDFLARENET
whitelisted
3260
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3716
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.78
whitelisted
help.kontur.ru
  • 46.17.203.51
whitelisted
ocsp2.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
ocsp.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.4
  • 20.190.159.68
  • 20.190.159.73
  • 20.190.159.23
  • 20.190.159.75
  • 20.190.159.71
  • 40.126.31.67
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
vncids.kontur.ru
  • 46.17.203.6
whitelisted
slscr.update.microsoft.com
  • 40.68.123.157
whitelisted

Threats

Found threats are available for the paid subscriptions
2 ETPRO signatures available at the full report
Process
Message
kontur.dostup.session.host.exe
10:54:55.737 Init Abonent.Session.Host nfx ================================================================
kontur.dostup.session.host.exe
10:54:55.738 Init Abonent.Session.Host nfx Kontur.Dostup.Session.Host
kontur.dostup.session.host.exe
10:54:55.741 Init Abonent.Session.Host nfx Version [ dev ] 4.9.0.4809
kontur.dostup.session.host.exe
10:54:55.742 Init Abonent.Session.Host nfx ----------------------------------------------------------------
kontur.dostup.session.host.exe
10:54:55.742 Init Abonent.Session.Host nfx (c) 2023 PF SKB Kontur AO