File name: kis21.3.10.391en_26095.exe

Full analysis: https://app.any.run/tasks/6d57adf5-0d5c-4dab-9554-ce0e9ec1146b
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 22, 2025, 01:54:22
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader, arch-exec, arch-doc
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 0BCD66275502042684F0A8FA8FAAE1E3
SHA1: 3DB2C3B6E790FEC6C0C7A62F53C126D0DDBE339E
SHA256: 3BDF8C5C32A862704B4C9390A687FCA6D2BE683F4CDA7C7153CF4776C6DFB3FC
SSDEEP: 98304:j5FfOWVbYrniSos+z525NWFRHepe6dyelLDu5O81DgBqkl+2LkwHQv7U2Omd+Akk:1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • kis21.3.10.391en_26095.exe (PID: 3736)
      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
    • Executable content was dropped or overwritten

      • startup.exe (PID: 3624)
      • kis21.3.10.391en_26095.exe (PID: 3736)
      • startup.exe (PID: 3148)
    • Reads security settings of Internet Explorer

      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
      • kis21.3.10.391en_26095.exe (PID: 3736)
    • Application launched itself

      • kis21.3.10.391en_26095.exe (PID: 3736)
      • startup.exe (PID: 3624)
    • The process verifies whether the antivirus software is installed

      • startup.exe (PID: 3148)
    • Adds/modifies Windows certificates

      • startup.exe (PID: 3148)
  • INFO

    • Create files in a temporary directory

      • kis21.3.10.391en_26095.exe (PID: 3736)
      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
      • msiexec.exe (PID: 5988)
      • msiexec.exe (PID: 3876)
      • msiexec.exe (PID: 3976)
      • msiexec.exe (PID: 2964)
    • Checks supported languages

      • kis21.3.10.391en_26095.exe (PID: 3736)
      • startup.exe (PID: 3624)
      • kis21.3.10.391en_26095.exe (PID: 440)
      • startup.exe (PID: 3148)
      • TEST_WPF.EXE (PID: 5764)
      • msiexec.exe (PID: 5348)
      • msiexec.exe (PID: 3976)
      • msiexec.exe (PID: 2964)
    • Reads the computer name

      • kis21.3.10.391en_26095.exe (PID: 3736)
      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
      • TEST_WPF.EXE (PID: 5764)
      • msiexec.exe (PID: 3976)
      • msiexec.exe (PID: 5348)
      • msiexec.exe (PID: 2964)
    • The sample compiled with english language support

      • kis21.3.10.391en_26095.exe (PID: 3736)
      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
      • msiexec.exe (PID: 5988)
      • msiexec.exe (PID: 3976)
      • msiexec.exe (PID: 3876)
      • msiexec.exe (PID: 2964)
    • Reads the machine GUID from the registry

      • kis21.3.10.391en_26095.exe (PID: 3736)
      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
      • TEST_WPF.EXE (PID: 5764)
    • Checks for the presence of KasperskyLab

      • kis21.3.10.391en_26095.exe (PID: 3736)
      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
    • Process checks whether UAC notifications are on

      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
      • kis21.3.10.391en_26095.exe (PID: 3736)
    • Checks proxy server information

      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
      • msiexec.exe (PID: 5988)
      • msiexec.exe (PID: 3876)
      • slui.exe (PID: 6364)
      • kis21.3.10.391en_26095.exe (PID: 3736)
    • Creates files in the program directory

      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
      • kis21.3.10.391en_26095.exe (PID: 3736)
    • Reads the software policy settings

      • startup.exe (PID: 3624)
      • startup.exe (PID: 3148)
      • msiexec.exe (PID: 5988)
      • msiexec.exe (PID: 3876)
      • slui.exe (PID: 6364)
      • kis21.3.10.391en_26095.exe (PID: 3736)
    • Process checks computer location settings

      • startup.exe (PID: 3624)
    • Manual execution by a user

      • msiexec.exe (PID: 5988)
      • msiexec.exe (PID: 3876)
      • notepad.exe (PID: 6388)
      • notepad.exe (PID: 2232)
      • notepad.exe (PID: 1936)
      • notepad.exe (PID: 6104)
      • notepad.exe (PID: 2320)
      • notepad.exe (PID: 6128)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 5988)
      • msiexec.exe (PID: 3876)
      • notepad.exe (PID: 2232)
      • notepad.exe (PID: 6388)
      • notepad.exe (PID: 1936)
      • notepad.exe (PID: 6104)
      • notepad.exe (PID: 6128)
      • notepad.exe (PID: 2320)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 5988)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5988)
      • msiexec.exe (PID: 3976)
      • msiexec.exe (PID: 3876)
      • msiexec.exe (PID: 2964)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:02:23 07:48:47+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 302080
InitializedDataSize: 2449408
UninitializedDataSize: -
EntryPoint: 0x24c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 21.3.10.391
ProductVersionNumber: 21.3.10.391
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Kaspersky
FileDescription: Kaspersky Internet Security [21.3.10.391.0.21.0]
FileVersion: 21.3.10.391
LegalCopyright: © 2021 AO Kaspersky Lab
LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
ProductName: Kaspersky Internet Security
ProductVersion: 21.3.10.391
InternalName: Setup
OriginalFileName: Setup.exe
No data.
Total processes: 151
Monitored processes: 18
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start kis21.3.10.391en_26095.exe startup.exe kis21.3.10.391en_26095.exe no specs startup.exe test_wpf.exe no specs msiexec.exe msiexec.exe msiexec.exe no specs msiexec.exe msiexec.exe slui.exe notepad.exe no specs notepad.exe no specs notepad.exe no specs notepad.exe no specs rundll32.exe no specs notepad.exe no specs notepad.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 440
CMD: "C:\Users\admin\Desktop\kis21.3.10.391en_26095.exe" -cleanup="C:\Users\admin\AppData\Local\Temp\3493F8ECE9660F114B0F817F87F669EE;3736"
Path: C:\Users\admin\Desktop\kis21.3.10.391en_26095.exe
Parent process: kis21.3.10.391en_26095.exe
User: admin
Company: Kaspersky
Integrity Level: MEDIUM
Description: Kaspersky Internet Security [21.3.10.391.0.21.0]
Exit code: 0
Version: 21.3.10.391
Modules
Images
c:\users\admin\desktop\kis21.3.10.391en_26095.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\dbghelp.dll
PID: 1936
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\gdpr_ksn_2021_mr3__ksn.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 2232
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\consumer_gdpr_kaspersky_secure_connection_for_windows_5_0_marketing__marketing.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 2320
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\ksn_2021_mr3__ksn.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 2964
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding F00C71B4E45F9114E7E263F1F336414A C
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 3148
CMD: "C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.2472.0\au_setup_CE8F3945-669E-11F0-B4F0-18F7786F96EE\startup.exe" /-elevated=
Path: C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.2472.0\au_setup_CE8F3945-669E-11F0-B4F0-18F7786F96EE\startup.exe
Parent process: startup.exe
User: admin
Company: Kaspersky
Integrity Level: HIGH
Description: Kaspersky Internet Security [21.3.10.391.0.2472.0 (a.b.c.d.e.f.g.h.i.j.k.l)]
Version: 21.3.10.391
Modules
Images
c:\programdata\kaspersky lab setup files\kis21.3.10.391.0.2472.0\au_setup_ce8f3945-669e-11f0-b4f0-18f7786f96ee\startup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\dbghelp.dll
PID: 3624
CMD: "C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.2472.0\au_setup_CE8F3945-669E-11F0-B4F0-18F7786F96EE\startup.exe" -auto_update_mode="C:\Users\admin\Desktop\kis21.3.10.391en_26095.exe" /-self_remove -l=en -xpos=346 -ypos=71 -prevsetupver=21.3.10.391.0.21.0
Path: C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.2472.0\au_setup_CE8F3945-669E-11F0-B4F0-18F7786F96EE\startup.exe
Parent process: kis21.3.10.391en_26095.exe
User: admin
Company: Kaspersky
Integrity Level: MEDIUM
Description: Kaspersky Internet Security [21.3.10.391.0.2472.0 (a.b.c.d.e.f.g.h.i.j.k.l)]
Version: 21.3.10.391
Modules
Images
c:\programdata\kaspersky lab setup files\kis21.3.10.391.0.2472.0\au_setup_ce8f3945-669e-11f0-b4f0-18f7786f96ee\startup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\dbghelp.dll
PID: 3736
CMD: "C:\Users\admin\Desktop\kis21.3.10.391en_26095.exe"
Path: C:\Users\admin\Desktop\kis21.3.10.391en_26095.exe
Parent process: explorer.exe
User: admin
Company: Kaspersky
Integrity Level: MEDIUM
Description: Kaspersky Internet Security [21.3.10.391.0.21.0]
Exit code: 0
Version: 21.3.10.391
Modules
Images
c:\users\admin\desktop\kis21.3.10.391en_26095.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\dbghelp.dll
PID: 3876
CMD: "C:\Windows\System32\msiexec.exe" /i C:\Users\admin\Desktop\ksde.msi
Path: C:\Windows\System32\msiexec.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 1603
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 3976
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 910EC93CB002D791FDBF7E9E444178EB C
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events: 27 990
Read events: 27 798
Write events: 182
Delete events: 10

Modification events

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.21.0
Operation: write
Name: TrashFiles
Value: C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\index-bases-x64-2.txt

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.21.0
Operation: write
Name: TrashFiles
Value: C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\index-kleaner-2.txt

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.21.0
Operation: write
Name: TrashFiles
Value: C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\kdscrl.rdb

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLab\IEOverride\Main
Operation: write
Name: Enable Browser Extensions
Value: no

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLab\IEOverride\Main
Operation: write
Name: UseSWRender
Value: 1

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.21.0
Operation: write
Name: TrashFiles
Value: C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.21.0
Operation: write
Name: TrashFiles
Value: C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0 C:\ProgramData\Kaspersky Lab Setup Files

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3736) kis21.3.10.391en_26095.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Executable files: 20
Suspicious files: 61
Text files: 65
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 3736
Process: kis21.3.10.391en_26095.exe
Filename: C:\Users\admin\AppData\Local\Temp\CE8F3944-669E-11F0-B4F0-18F7786F96EE\kis-style.css
Type: text
MD5:2B4BD0AFD0E9DD5C90FB8C3BB4A5D619
SHA256:F9963B403E053F6BFA7C87CAD3C10DD55CF1F94FEFE00C6380921440E28B48D2
PID: 3736
Process: kis21.3.10.391en_26095.exe
Filename: C:\Users\admin\AppData\Local\Temp\CE8F3944-669E-11F0-B4F0-18F7786F96EE\jquery.custom_select.min.js
Type: binary
MD5:D2C620C462B75696EEA1FB22FB23602A
SHA256:DD678D32073078552E0E2C35EED78F16CC8D6E8662D4734518561A1B183F775C
PID: 3736
Process: kis21.3.10.391en_26095.exe
Filename: C:\Users\admin\AppData\Local\Temp\CE8F3944-669E-11F0-B4F0-18F7786F96EE\check_new_version.html
Type: html
MD5:C0ACD601BA6F7602C1DFD719D2DB71A2
SHA256:48B22C62EF7BEA96D97915A8A4F7BB09F4FDC57B3B70126F10697AD9B0517D7B
PID: 3736
Process: kis21.3.10.391en_26095.exe
Filename: C:\Users\admin\AppData\Local\Temp\3493F8ECE9660F114B0F817F87F669EE\setup.dll
Type: executable
MD5:786D3C7E536B9A0079FA2F13D079FF45
SHA256:0863008A8BF58B12BF5D83F9F123EA915B1548BF2A64B6E5FA120B3B58A57EEE
PID: 3736
Process: kis21.3.10.391en_26095.exe
Filename: C:\Users\admin\AppData\Local\Temp\CE8F3944-669E-11F0-B4F0-18F7786F96EE\jquery-1.12.4.min.js
Type: binary
MD5:618538B4AB9639D444E962729A927F15
SHA256:27D92130C0321DAD5A03760FD5AC98A3D04ED4C94D88418FE6D50DA1F7FC5CBE
PID: 3736
Process: kis21.3.10.391en_26095.exe
Filename: C:\Users\admin\AppData\Local\Temp\CE8F3944-669E-11F0-B4F0-18F7786F96EE\kis-loading.gif
Type: image
MD5:69D4B9B309BFA6A87F7620647BAFD2D0
SHA256:F056164CF99799234C90E2318E90AB5D83D0FD855118224286FF0680EE455734
PID: 3736
Process: kis21.3.10.391en_26095.exe
Filename: C:\ProgramData\Kaspersky Lab Setup Files\KIS21.3.10.391.0.21.0\kdscrl.rdb
Type: binary
MD5:79A78149E4EF2E6E09CC061338C7B151
SHA256:E6C0DA20FC5D9EDA24E4128FAA5641F8B2D39951E0A0236C013E1F1EFCBF83FD
PID: 3736
Process: kis21.3.10.391en_26095.exe
Filename: C:\Users\admin\AppData\Local\Temp\CE8F3944-669E-11F0-B4F0-18F7786F96EE\kis-script-lte-ie8.js
Type: binary
MD5:5134186180074C51639D7A514919ED23
SHA256:33E84B33FF911257E3A6A303C08A2CC178827DADB7DFD7C951E096866E02AD5E
PID: 3736
Process: kis21.3.10.391en_26095.exe
Filename: C:\Users\admin\AppData\Local\Temp\CE8F3944-669E-11F0-B4F0-18F7786F96EE\kis-print.css
Type: text
MD5:1304724DD5001B2600FC5BD80C098F1E
SHA256:2481B34B48FD96B194405DA621E8E5F19142DCB55744F9C9A93591705CB697FD
PID: 3624
Process: startup.exe
Filename: C:\Users\admin\AppData\Local\Temp\97EA062DE9660F114B0F817F87F669EE\setup.dll
Type: executable
MD5:3607F4444FB8A13D9E958688F170DE0F
SHA256:86BDEE58CEE0F42E05E0995B78FB4A769DDE2C9D8E448613D9AD18D75204EB41
HTTP(S) requests: 90
TCP/UDP connections: 35
DNS requests: 12
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 109.248.196.5:443 | https://dm.s.kaspersky-labs.com/en/KIS/21.3.10.391/x64/index2.txt | RU | text | 6.42 Kb | unknown
- | - | GET | 200 | 109.248.196.5:443 | https://dm.s.kaspersky-labs.com/bases/kavkis2021mr3/kis/index-bases-x64-2.txt | RU | text | 4.38 Kb | unknown
- | - | GET | 200 | 195.122.169.10:443 | https://dm.s.kaspersky-labs.com/kleaner/interactive2021.2/global/index-kleaner-2.txt | GB | text | 4.03 Kb | unknown
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 825 b | whitelisted
1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | NL | binary | 814 b | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | NL | binary | 814 b | whitelisted
- | - | GET | 200 | 212.73.221.196:443 | https://dm.s.kaspersky-labs.com/bases/kavkis2021mr3/KIS/kdscrl.rdb.z | FR | compressed | 4.86 Kb | unknown
- | - | GET | 200 | 109.248.196.5:443 | https://dm.s.kaspersky-labs.com/en/KIS/21.3.10.391/x64/index2.txt | RU | text | 6.42 Kb | unknown
3876 | RUXIMICS.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | NL | binary | 814 b | whitelisted
- | - | GET | 200 | 195.122.169.10:443 | https://dm.s.kaspersky-labs.com/bases/kavkis2021mr3/kis/index-bases-x64-2.txt | GB | text | 4.38 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3876 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3736 | kis21.3.10.391en_26095.exe | 212.73.221.196:443 | dm.s.kaspersky-labs.com | LEVEL3 | FR | suspicious
5944 | MoUsoCoreWorker.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
3876 | RUXIMICS.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 51.124.78.146 | whitelisted
google.com | 142.250.184.238 | whitelisted
dm.s.kaspersky-labs.com | 212.73.221.196, 195.122.169.10, 109.248.196.5 | unknown
crl.microsoft.com | 23.216.77.6, 23.216.77.42, 23.216.77.28 | whitelisted
www.microsoft.com | 95.101.149.131 | whitelisted
redirect.kaspersky.com | 79.133.169.118 | whitelisted
www.not.existing.kaspersky.com | 77.74.178.24 | whitelisted
ocsp.globalsign.com | 151.101.2.133, 151.101.130.133, 151.101.66.133, 151.101.194.133 | whitelisted
self.events.data.microsoft.com | 52.182.141.63 | whitelisted
activation-v2.sls.microsoft.com | 20.83.72.98 | whitelisted

Threats

PID | Process | Class | Message
- | - | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
No debug info