File name: kaspersky4win202121.20.8.505es_46444.exe

Full analysis: https://app.any.run/tasks/7aa4edee-9611-4197-9149-ace935bc4d02
Verdict: Malicious activity
Analysis date: February 14, 2025, 18:56:38
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 94E5B58283657D00972EFC322FE645B1
SHA1: 4663B66CD6AF42FE76E4038DA89B528209B0391B
SHA256: 5AD5001E699AF26289D89D1C2017A2B389BCD8AA5DD02BD134F144A34DB315AD
SSDEEP: 98304:MV74N9S7Yhd62jdiVYmSCG/LsdfR1NHqLOLusAtJyN2rv4UM8WJsSjK1XscXH1cj:vfYrOVV/tlhiZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • msiexec.exe (PID: 6728)
    • Antivirus name has been found in the command line (generic signature)

      • avp.exe (PID: 1612)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • drvinst.exe (PID: 4724)
      • avp.exe (PID: 1612)
      • upgrade_launcher.exe (PID: 4976)
    • Application launched itself

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • avp.exe (PID: 1612)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
    • Reads security settings of Internet Explorer

      • setup_ui.exe (PID: 5788)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • setup_ui.exe (PID: 6480)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 1296)
    • Checks Windows Trust Settings

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 7144)
      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • avp.exe (PID: 1612)
    • Starts itself from another location

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
    • Adds/modifies Windows certificates

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • avp.exe (PID: 1612)
    • The process verifies whether the antivirus software is installed

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 6728)
      • drvinst.exe (PID: 4724)
      • msiexec.exe (PID: 7144)
      • conhost.exe (PID: 6384)
      • regsvr32.exe (PID: 2744)
      • regsvr32.exe (PID: 5864)
      • regsvr32.exe (PID: 3912)
      • msiexec.exe (PID: 6828)
      • plugins-setup.exe (PID: 6684)
      • bcdedit.exe (PID: 6320)
      • plugins-setup.exe (PID: 6716)
      • plugins-setup.exe (PID: 1792)
      • plugins-setup.exe (PID: 4308)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • avpui.exe (PID: 2996)
      • avp.exe (PID: 1612)
      • avp.exe (PID: 6092)
      • msiexec.exe (PID: 6244)
      • avpui.exe (PID: 1296)
    • There is functionality for taking screenshot (YARA)

      • setup_ui.exe (PID: 6480)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7144)
    • Drops a system driver (possible attempt to evade defenses)

      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 7144)
      • drvinst.exe (PID: 4724)
      • msiexec.exe (PID: 6728)
      • msiexec.exe (PID: 6828)
      • avp.exe (PID: 1612)
    • Creates files in the driver directory

      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • msiexec.exe (PID: 6728)
      • avp.exe (PID: 1612)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6728)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 6728)
      • msiexec.exe (PID: 6244)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 6728)
      • msiexec.exe (PID: 6244)
    • Creates/Modifies COM task schedule object

      • msiexec.exe (PID: 7144)
      • regsvr32.exe (PID: 2744)
      • regsvr32.exe (PID: 5864)
      • regsvr32.exe (PID: 3912)
    • Executes as Windows Service

      • avp.exe (PID: 1612)
    • Creates or modifies Windows services

      • avp.exe (PID: 1612)
  • INFO

    • The sample compiled with english language support

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
      • msiexec.exe (PID: 7144)
      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6828)
      • msiexec.exe (PID: 6728)
      • avp.exe (PID: 1612)
      • drvinst.exe (PID: 4724)
      • upgrade_launcher.exe (PID: 4976)
    • Checks supported languages

      • setup_ui.exe (PID: 5788)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • setup_ui.exe (PID: 6480)
      • msiexec.exe (PID: 7144)
      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6828)
      • msiexec.exe (PID: 6728)
      • drvinst.exe (PID: 4724)
      • plugins-setup.exe (PID: 6684)
      • plugins-setup.exe (PID: 6716)
      • plugins-setup.exe (PID: 1792)
      • plugins-setup.exe (PID: 4308)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 1296)
      • avpui.exe (PID: 2996)
      • avp.exe (PID: 6092)
      • upgrade_launcher.exe (PID: 4976)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6012)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 4164)
    • Process checks whether UAC notifications are on

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
    • Checks for the presence of KasperskyLab

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • avpui.exe (PID: 1296)
    • Creates files in the program directory

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • plugins-setup.exe (PID: 1792)
      • plugins-setup.exe (PID: 6716)
      • avp.exe (PID: 1612)
      • upgrade_launcher.exe (PID: 4976)
      • plugins-setup.exe (PID: 4308)
    • Reads the machine GUID from the registry

      • setup_ui.exe (PID: 5788)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • setup_ui.exe (PID: 6480)
      • msiexec.exe (PID: 7144)
      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 1296)
    • Reads the computer name

      • setup_ui.exe (PID: 5788)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
      • setup_ui.exe (PID: 6480)
      • msiexec.exe (PID: 7144)
      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6728)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • drvinst.exe (PID: 4724)
      • msiexec.exe (PID: 6828)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 1296)
      • avpui.exe (PID: 2996)
      • avp.exe (PID: 6092)
      • upgrade_launcher.exe (PID: 4976)
      • plugins-setup.exe (PID: 4308)
    • Create files in a temporary directory

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 6244)
    • Creates files or folders in the user directory

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • msiexec.exe (PID: 7144)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
    • Reads the software policy settings

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 7144)
      • drvinst.exe (PID: 4724)
      • msiexec.exe (PID: 6828)
      • avp.exe (PID: 1612)
    • Process checks computer location settings

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 1296)
    • Checks proxy server information

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
    • Reads Environment values

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • avp.exe (PID: 1612)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7144)
      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6828)
      • msiexec.exe (PID: 6728)
    • Creates or modifies Windows services

      • msiexec.exe (PID: 6828)
      • msiexec.exe (PID: 6728)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 7144)
    • Reads Microsoft Office registry keys

      • msiexec.exe (PID: 7144)
    • Application launched itself

      • msiexec.exe (PID: 7144)
    • Reads CPU info

      • avp.exe (PID: 1612)
    • Reads the time zone

      • avp.exe (PID: 1612)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:01:18 12:09:09+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 254976
InitializedDataSize: 4492800
UninitializedDataSize: -
EntryPoint: 0x3af0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 21.20.8.505
ProductVersionNumber: 21.20.8.505
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Kaspersky
FileDescription: Kaspersky [21.20.8.505.0.74.0]
FileVersion: 21.20.8.505
LegalCopyright: © 2025 AO Kaspersky Lab
LegalTrademarks: Las marcas registradas y las marcas de servicio son propiedad de sus respectivos dueños
ProductName: Kaspersky
ProductVersion: 21.20.8.505
InternalName: Setup
OriginalFileName: Setup.exe
No data.
All screenshots are available in the full report
Total processes: 153
Monitored processes: 27
Malicious processes: 19
Suspicious processes: 0

Behavior graph

Processes shown in the graph, in order:

  • kaspersky4win202121.20.8.505es_46444.exe
  • setup_ui.exe
  • kaspersky4win202121.20.8.505es_46444.exe
  • kaspersky4win202121.20.8.505es_46444.exe
  • setup_ui.exe (no specs)
  • msiexec.exe
  • msiexec.exe
  • msiexec.exe
  • msiexec.exe
  • drvinst.exe
  • bcdedit.exe (no specs)
  • conhost.exe (no specs)
  • regsvr32.exe (no specs)
  • regsvr32.exe (no specs)
  • regsvr32.exe (no specs)
  • regsvr32.exe (no specs)
  • plugins-setup.exe (no specs)
  • plugins-setup.exe (no specs)
  • plugins-setup.exe (no specs)
  • plugins-setup.exe (no specs)
  • avp.exe
  • avpui.exe (no specs)
  • avpui.exe (no specs)
  • avp.exe (no specs)
  • upgrade_launcher.exe
  • kaspersky4win202121.20.8.505es_46444.exe (no specs)
  • kaspersky4win202121.20.8.505es_46444.exe (no specs)

Process information

PID: 1296
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avpui.exe" -hideuntilnavigate
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avpui.exe
Parent process: avp.exe
User: admin
Company: AO Kaspersky Lab
Integrity Level: MEDIUM
Description: Kaspersky
Version: 21.20.8.505

PID: 1612
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avp.exe" -r
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avp.exe
Parent process: services.exe
User: SYSTEM
Company: AO Kaspersky Lab
Integrity Level: SYSTEM
Description: Kaspersky Lab launcher
Version: 21.4.0.0

PID: 1792
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\plugins-setup.exe" --install --browser=chrome --config="C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\skin\resources\neutral\locs\plugins_config.lt"
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\plugins-setup.exe
Parent process: msiexec.exe
User: SYSTEM
Company: AO Kaspersky Lab
Integrity Level: SYSTEM
Description: Light Plugin Extension Registrar
Exit code: 0
Version: 21.20.8.505

PID: 2744
CMD: "C:\WINDOWS\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\shellex.dll" /s /i:"C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\ kiskavpure"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: msiexec.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
  • c:\windows\syswow64\regsvr32.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\aclayers.dll

PID: 2996
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avpui.exe" -nosplashnavigation
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avpui.exe
Parent process: kaspersky4win202121.20.8.505es_46444.exe
User: admin
Company: AO Kaspersky Lab
Integrity Level: MEDIUM
Description: Kaspersky
Exit code: 0
Version: 21.20.8.505

PID: 3912
CMD: "C:\WINDOWS\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\kpm_integration.dll" /s
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: msiexec.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 4164
CMD: "C:\Users\admin\AppData\Local\Temp\kaspersky4win202121.20.8.505es_46444.exe" -cleanup="C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE;5640"
Path: C:\Users\admin\AppData\Local\Temp\kaspersky4win202121.20.8.505es_46444.exe
Parent process: kaspersky4win202121.20.8.505es_46444.exe
User: admin
Company: Kaspersky
Integrity Level: MEDIUM
Description: Kaspersky [21.20.8.505.0.74.0]
Exit code: 0
Version: 21.20.8.505

PID: 4308
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\plugins-setup.exe" --install --browser=edge-new --config="C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\skin\resources\neutral\locs\plugins_config.lt"
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\plugins-setup.exe
Parent process: msiexec.exe
User: SYSTEM
Company: AO Kaspersky Lab
Integrity Level: SYSTEM
Description: Light Plugin Extension Registrar
Exit code: 0
Version: 21.20.8.505

PID: 4724
CMD: DrvInst.exe "4" "1" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\klimx64\klim6.inf" "9" "4a5287edb" "00000000000001BC" "WinSta0\Default" "00000000000001DC" "208" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\klimx64"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules (Images):
  • c:\windows\system32\drvinst.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\cfgmgr32.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\ntmarta.dll
  • c:\windows\system32\devrtl.dll
  • c:\windows\system32\drvstore.dll

PID: 4976
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\upgrade_launcher.exe" /initUpgrade "C:\Program Files\Common Files\AV\Kaspersky"
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\upgrade_launcher.exe
Parent process: avp.exe
User: SYSTEM
Company: AO Kaspersky Lab
Integrity Level: SYSTEM
Description: Kaspersky Upgrade Launcher
Exit code: 0
Version: 21.20.8.505

Total events: 63 804
Read events: 55 669
Write events: 8 026
Delete events: 109

Modification events

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedType
Value: -1

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedProductTier
Value: 0

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedStartupScenario
Value:

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedType
Value: 4

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedProductTier
Value: 230

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedStartupScenario
Value: Free

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: PreferredUI
Value: 0

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: PreferredUI
Value: 1

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0
Operation: write
Name: TrashFiles
Value: C:\Users\admin\AppData\Local\Temp\discovery.cfg

(PID) Process: (5640) kaspersky4win202121.20.8.505es_46444.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: FusSenderService_Events
Value: 0

Executable files: 1 096
Suspicious files: 829
Text files: 631
Unknown types: 1

Dropped files

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\kl-setup-2025-02-14-18-56-43_KAV.21.20.8.505.log
Type: binary
MD5: EDDEAFB2E74B2A3E57F91E1BC62A4795
SHA256: 5FF25CB49C5ABDE3455C4F2D6C4B0FA7431E89D8E894885167638C648A025D48

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6E0634A7-EB05-11EF-B4EA-18F7786F96EE\GuiStrings_KFA.loc
Type: text
MD5: ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256: F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\kl.ui.framework.uikit.dll
Type: binary
MD5: 53849B06E3880F3969D228CA15CFBB7F
SHA256: EFF0F027F46F9BFEFEA3360B63D25446D3BBE5DB5452D16F7C570757120CD0EC

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6E0634A7-EB05-11EF-B4EA-18F7786F96EE\GuiStrings.loc
Type: html
MD5: 09C4E9F41C4B8BFDB6BF8916AF730ECD
SHA256: 57BF969D3C10D5BE0A4B31B8E530C1E005622C8DC809EE4FBD4C214F3B3E9A37

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\kl.ui.framework.uikit.b2c.dll
Type: executable
MD5: F01C9C2D3ED268A2E371A61DD9EF43A4
SHA256: 8A428A5F78C052A43B917FD9C379145192A81D6CF9884BF7EC209DD8481C5C3F

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\setup_ui.exe
Type: executable
MD5: C851B9409366F5060AFFC6B035A48824
SHA256: A8ADC2B3F7A76821278F309DE96E7F6757EB70C5301052744CF2BDFD48B57772

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\kl.setup.ui.interoplayer.dll
Type: executable
MD5: B81370D7A74134F62117DFF012B2D088
SHA256: 53825576D72378C763ACE5D67049083D60C01F1FD907DEB9EA8CD6B4CD3C8963

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\sharpvectorcss.dll
Type: executable
MD5: A62C3D715DED4B5CA9AB067A5862E577
SHA256: 0DBDB769BB9D44008CC83803218F0CBDD4928B81B79742FB33F3F82FCF0CB46F

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\setup.dll
Type: executable
MD5: 9BA4FE94E1B287055466332A4FAF65E4
SHA256: 00EA5ED47E25704299AE8AE043C6CA0F9CDEBE49C5E66789BD2692B0E0F866AD

PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\kl.setup.ui.visuals.dll
Type: executable
MD5: 41D7E3958DA5612753148CD66DD70E3C
SHA256: 6E2FC88D95B924DD95DBB64FB0FAA41763FC8AD8EE946F13C97602DBC0F69599

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 20
TCP/UDP connections: 75
DNS requests: 69
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4024 | svchost.exe | GET | 200 | 23.215.121.133:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 23.215.121.133:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5064 | SearchApp.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.215.121.133:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5640 | kaspersky4win202121.20.8.505es_46444.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | - | - | whitelisted
7144 | msiexec.exe | GET | 200 | 151.101.66.133:80 | http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDBO%2F8SXGUNfFoIIgjw%3D%3D | unknown | - | - | whitelisted
6820 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
1176 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
1612 | avp.exe | GET | 200 | 46.8.206.115:80 | http://crl.kaspersky.com/cdp/KSNGlobalRootCAECC.crl | unknown | - | - | whitelisted
6820 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 23.215.121.133:80 | - | AKAMAI-AS | DE | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 23.215.121.133:80 | - | AKAMAI-AS | DE | unknown
4024 | svchost.exe | 23.215.121.133:80 | - | AKAMAI-AS | DE | unknown
- | - | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5064 | SearchApp.exe | 2.16.204.155:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
1176 | svchost.exe | 40.126.31.67:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 142.250.184.206 | whitelisted
www.bing.com | 2.16.204.155, 2.16.204.143, 2.16.204.145, 2.16.204.158, 2.16.204.161, 2.16.204.151, 2.16.204.135, 2.16.204.146, 2.16.204.152 | whitelisted
ocsp.digicert.com | 2.23.77.188 | whitelisted
login.live.com | 40.126.31.67, 20.190.159.75, 20.190.159.23, 20.190.159.2, 20.190.159.71, 40.126.31.2, 20.190.159.0, 40.126.31.129 | whitelisted
go.microsoft.com | 23.213.166.81 | whitelisted
ds.kaspersky.com | 82.202.185.146, 82.202.184.184, 81.19.104.172, 82.202.185.148, 62.67.238.152, 62.67.238.151, 82.202.184.193 | whitelisted
dm.s.kaspersky-labs.com | 80.231.123.135, 195.122.169.10, 80.239.174.35 | unknown
settings-win.data.microsoft.com | 20.73.194.208 | whitelisted
arc.msn.com | 20.199.58.43 | whitelisted
fd.api.iris.microsoft.com | 20.223.36.55 | whitelisted

Threats

No threats detected
Process | Message
setup_ui.exe | LocalizationEngine Making localization parameters
setup_ui.exe | setup_ui.exe Information: 0 :
setup_ui.exe | Localization Resources scanned in assembly 'kl.setup.ui.interoplayer, Version=21.20.8.505, Culture=neutral, PublicKeyToken=null'. Resources count: 0.
setup_ui.exe | setup_ui.exe Information: 0 :
setup_ui.exe | Localization Resources scanned in assembly 'kl.ui.framework, Version=21.20.8.505, Culture=neutral, PublicKeyToken=null'. Resources count: 0.
setup_ui.exe | Localization Resources scanned in assembly 'kl.setup.ui, Version=21.20.8.505, Culture=neutral, PublicKeyToken=null'. Resources count: 0.
setup_ui.exe | setup_ui.exe Information: 0 :
setup_ui.exe | Localization Resources scanned in assembly 'kl.setup.ui.core, Version=21.20.8.505, Culture=neutral, PublicKeyToken=null'. Resources count: 0.
setup_ui.exe | setup_ui.exe Information: 0 :
setup_ui.exe | setup_ui.exe Information: 0 :