File name: kaspersky4win202121.20.8.505es_46444.exe

Full analysis: https://app.any.run/tasks/7aa4edee-9611-4197-9149-ace935bc4d02
Verdict: Malicious activity
Analysis date: February 14, 2025, 18:56:38
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 94E5B58283657D00972EFC322FE645B1
SHA1: 4663B66CD6AF42FE76E4038DA89B528209B0391B
SHA256: 5AD5001E699AF26289D89D1C2017A2B389BCD8AA5DD02BD134F144A34DB315AD
SSDEEP: 98304:MV74N9S7Yhd62jdiVYmSCG/LsdfR1NHqLOLusAtJyN2rv4UM8WJsSjK1XscXH1cj:vfYrOVV/tlhiZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • msiexec.exe (PID: 6728)
    • Antivirus name has been found in the command line (generic signature)

      • avp.exe (PID: 1612)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • setup_ui.exe (PID: 5788)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • setup_ui.exe (PID: 6480)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 1296)
    • Executable content was dropped or overwritten

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • drvinst.exe (PID: 4724)
      • avp.exe (PID: 1612)
      • upgrade_launcher.exe (PID: 4976)
    • Checks Windows Trust Settings

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • msiexec.exe (PID: 7144)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • avp.exe (PID: 1612)
    • Application launched itself

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • avp.exe (PID: 1612)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
    • Starts itself from another location

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
    • Adds/modifies Windows certificates

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • avp.exe (PID: 1612)
    • There is functionality for taking screenshot (YARA)

      • setup_ui.exe (PID: 6480)
    • The process verifies whether the antivirus software is installed

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 6728)
      • drvinst.exe (PID: 4724)
      • regsvr32.exe (PID: 5864)
      • bcdedit.exe (PID: 6320)
      • conhost.exe (PID: 6384)
      • plugins-setup.exe (PID: 6716)
      • msiexec.exe (PID: 6828)
      • regsvr32.exe (PID: 2744)
      • regsvr32.exe (PID: 3912)
      • plugins-setup.exe (PID: 6684)
      • plugins-setup.exe (PID: 1792)
      • plugins-setup.exe (PID: 4308)
      • msiexec.exe (PID: 7144)
      • avpui.exe (PID: 2996)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • avp.exe (PID: 1612)
      • msiexec.exe (PID: 6244)
      • avp.exe (PID: 6092)
      • avpui.exe (PID: 1296)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7144)
    • Drops a system driver (possible attempt to evade defenses)

      • msiexec.exe (PID: 6828)
      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 7144)
      • drvinst.exe (PID: 4724)
      • msiexec.exe (PID: 6728)
      • avp.exe (PID: 1612)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6728)
    • Creates files in the driver directory

      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • msiexec.exe (PID: 6728)
      • avp.exe (PID: 1612)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6728)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6728)
    • Creates/Modifies COM task schedule object

      • msiexec.exe (PID: 7144)
      • regsvr32.exe (PID: 2744)
      • regsvr32.exe (PID: 5864)
      • regsvr32.exe (PID: 3912)
    • Executes as Windows Service

      • avp.exe (PID: 1612)
    • Creates or modifies Windows services

      • avp.exe (PID: 1612)
  • INFO

    • The sample compiled with english language support

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 7144)
      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • msiexec.exe (PID: 6728)
      • avp.exe (PID: 1612)
      • upgrade_launcher.exe (PID: 4976)
    • Checks supported languages

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • setup_ui.exe (PID: 5788)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 7144)
      • setup_ui.exe (PID: 6480)
      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6728)
      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • plugins-setup.exe (PID: 6716)
      • plugins-setup.exe (PID: 6684)
      • plugins-setup.exe (PID: 1792)
      • plugins-setup.exe (PID: 4308)
      • avpui.exe (PID: 1296)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 2996)
      • upgrade_launcher.exe (PID: 4976)
      • avp.exe (PID: 6092)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6012)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 4164)
    • Reads the computer name

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • setup_ui.exe (PID: 5788)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6400)
      • setup_ui.exe (PID: 6480)
      • msiexec.exe (PID: 7144)
      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6728)
      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • plugins-setup.exe (PID: 4308)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 1296)
      • avpui.exe (PID: 2996)
      • upgrade_launcher.exe (PID: 4976)
      • avp.exe (PID: 6092)
    • Reads the machine GUID from the registry

      • setup_ui.exe (PID: 5788)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • msiexec.exe (PID: 7144)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 1296)
      • setup_ui.exe (PID: 6480)
    • Create files in a temporary directory

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 6244)
    • Checks proxy server information

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
    • Reads the software policy settings

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • msiexec.exe (PID: 7144)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 6828)
      • drvinst.exe (PID: 4724)
      • avp.exe (PID: 1612)
    • Process checks whether UAC notifications are on

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
    • Creates files in the program directory

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • plugins-setup.exe (PID: 6716)
      • plugins-setup.exe (PID: 1792)
      • plugins-setup.exe (PID: 4308)
      • avp.exe (PID: 1612)
      • upgrade_launcher.exe (PID: 4976)
    • Checks for the presence of KasperskyLab

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • avpui.exe (PID: 1296)
    • Process checks computer location settings

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • avp.exe (PID: 1612)
      • avpui.exe (PID: 1296)
    • Creates files or folders in the user directory

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • msiexec.exe (PID: 7144)
    • Reads Environment values

      • kaspersky4win202121.20.8.505es_46444.exe (PID: 6424)
      • avp.exe (PID: 1612)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7144)
      • msiexec.exe (PID: 6244)
      • msiexec.exe (PID: 6828)
      • msiexec.exe (PID: 6728)
    • Application launched itself

      • msiexec.exe (PID: 7144)
    • Creates or modifies Windows services

      • msiexec.exe (PID: 6828)
      • msiexec.exe (PID: 6728)
    • Reads Microsoft Office registry keys

      • msiexec.exe (PID: 7144)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 7144)
    • Reads CPU info

      • avp.exe (PID: 1612)
    • Reads the time zone

      • avp.exe (PID: 1612)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:01:18 12:09:09+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 254976
InitializedDataSize: 4492800
UninitializedDataSize: -
EntryPoint: 0x3af0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 21.20.8.505
ProductVersionNumber: 21.20.8.505
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Kaspersky
FileDescription: Kaspersky [21.20.8.505.0.74.0]
FileVersion: 21.20.8.505
LegalCopyright: © 2025 AO Kaspersky Lab
LegalTrademarks: Las marcas registradas y las marcas de servicio son propiedad de sus respectivos dueños
ProductName: Kaspersky
ProductVersion: 21.20.8.505
InternalName: Setup
OriginalFileName: Setup.exe
No data.
All screenshots are available in the full report
Total processes: 153
Monitored processes: 27
Malicious processes: 19
Suspicious processes: 0

Behavior graph

start kaspersky4win202121.20.8.505es_46444.exe setup_ui.exe kaspersky4win202121.20.8.505es_46444.exe kaspersky4win202121.20.8.505es_46444.exe setup_ui.exe no specs msiexec.exe msiexec.exe msiexec.exe msiexec.exe drvinst.exe bcdedit.exe no specs conhost.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs plugins-setup.exe no specs plugins-setup.exe no specs plugins-setup.exe no specs plugins-setup.exe no specs avp.exe avpui.exe no specs avpui.exe no specs avp.exe no specs upgrade_launcher.exe kaspersky4win202121.20.8.505es_46444.exe no specs kaspersky4win202121.20.8.505es_46444.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1296
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avpui.exe" -hideuntilnavigate
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avpui.exe
Parent process: avp.exe
User:
admin
Company:
AO Kaspersky Lab
Integrity Level:
MEDIUM
Description:
Kaspersky
Version:
21.20.8.505
PID: 1612
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avp.exe" -r
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avp.exe
Parent process: services.exe
User:
SYSTEM
Company:
AO Kaspersky Lab
Integrity Level:
SYSTEM
Description:
Kaspersky Lab launcher
Version:
21.4.0.0
PID: 1792
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\plugins-setup.exe" --install --browser=chrome --config="C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\skin\resources\neutral\locs\plugins_config.lt"
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\plugins-setup.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
AO Kaspersky Lab
Integrity Level:
SYSTEM
Description:
Light Plugin Extension Registrar
Exit code:
0
Version:
21.20.8.505
PID: 2744
CMD: "C:\WINDOWS\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\shellex.dll" /s /i:"C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\ kiskavpure"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2996
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avpui.exe" -nosplashnavigation
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\avpui.exe
Parent process: kaspersky4win202121.20.8.505es_46444.exe
User:
admin
Company:
AO Kaspersky Lab
Integrity Level:
MEDIUM
Description:
Kaspersky
Exit code:
0
Version:
21.20.8.505
PID: 3912
CMD: "C:\WINDOWS\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\kpm_integration.dll" /s
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 4164
CMD: "C:\Users\admin\AppData\Local\Temp\kaspersky4win202121.20.8.505es_46444.exe" -cleanup="C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE;5640"
Path: C:\Users\admin\AppData\Local\Temp\kaspersky4win202121.20.8.505es_46444.exe
Parent process: kaspersky4win202121.20.8.505es_46444.exe
User:
admin
Company:
Kaspersky
Integrity Level:
MEDIUM
Description:
Kaspersky [21.20.8.505.0.74.0]
Exit code:
0
Version:
21.20.8.505
PID: 4308
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\plugins-setup.exe" --install --browser=edge-new --config="C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\skin\resources\neutral\locs\plugins_config.lt"
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\plugins-setup.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
AO Kaspersky Lab
Integrity Level:
SYSTEM
Description:
Light Plugin Extension Registrar
Exit code:
0
Version:
21.20.8.505
PID: 4724
CMD: DrvInst.exe "4" "1" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\klimx64\klim6.inf" "9" "4a5287edb" "00000000000001BC" "WinSta0\Default" "00000000000001DC" "208" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\klimx64"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 4976
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\upgrade_launcher.exe" /initUpgrade "C:\Program Files\Common Files\AV\Kaspersky"
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.20\upgrade_launcher.exe
Parent process: avp.exe
User:
SYSTEM
Company:
AO Kaspersky Lab
Integrity Level:
SYSTEM
Description:
Kaspersky Upgrade Launcher
Exit code:
0
Version:
21.20.8.505
Total events: 63 804
Read events: 55 669
Write events: 8 026
Delete events: 109

Modification events

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedType
Value: -1

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedProductTier
Value: 0

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedStartupScenario
Value:

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedType
Value: 4

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedProductTier
Value: 230

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: cp_storedResolvedStartupScenario
Value: Free

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: PreferredUI
Value: 0

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: PreferredUI
Value: 1

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0
Operation: write
Name: TrashFiles
Value: C:\Users\admin\AppData\Local\Temp\discovery.cfg

Process: kaspersky4win202121.20.8.505es_46444.exe (PID: 5640)
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.20.8.505.0.74.0\volatile
Operation: write
Name: FusSenderService_Events
Value: 0
Executable files: 1 096
Suspicious files: 829
Text files: 631
Unknown types: 1

Dropped files

PID
Process
Filename
Type
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6E0634A7-EB05-11EF-B4EA-18F7786F96EE\downloader_neutral.ini
Type: text
MD5:635000D027160A52E2320AD7D4B0A857
SHA256:8E6025B49C9D1F8B3134357125D01B71EBD69258E7F90E97C0B3BF8D3886D1C6
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6E0634A7-EB05-11EF-B4EA-18F7786F96EE\GuiStrings_KFA.loc
Type: text
MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\setup.dll
Type: executable
MD5:9BA4FE94E1B287055466332A4FAF65E4
SHA256:00EA5ED47E25704299AE8AE043C6CA0F9CDEBE49C5E66789BD2692B0E0F866AD
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6E0634A7-EB05-11EF-B4EA-18F7786F96EE\GuiStrings.loc
Type: html
MD5:09C4E9F41C4B8BFDB6BF8916AF730ECD
SHA256:57BF969D3C10D5BE0A4B31B8E530C1E005622C8DC809EE4FBD4C214F3B3E9A37
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\kl-setup-2025-02-14-18-56-43_KAV.21.20.8.505.log
Type: binary
MD5:EDDEAFB2E74B2A3E57F91E1BC62A4795
SHA256:5FF25CB49C5ABDE3455C4F2D6C4B0FA7431E89D8E894885167638C648A025D48
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\kl-setup-2025-02-14-18-56-43_KFA.21.20.8.505.log
Type: binary
MD5:EDDEAFB2E74B2A3E57F91E1BC62A4795
SHA256:5FF25CB49C5ABDE3455C4F2D6C4B0FA7431E89D8E894885167638C648A025D48
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6E0634A7-EB05-11EF-B4EA-18F7786F96EE\downloader_neutral_KFA.ini
Type: text
MD5:2E10B2D4181D2F07D2DD305BD4285BD5
SHA256:CBB72CDC1E461226C7D0E49E7EF955F77DFEEF4F7FE12D0D8A8D0CF9658EDC78
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\kl.ui.framework.uikit.media.setup.dll
Type: executable
MD5:C6542114AABA972428681A56853D4C98
SHA256:D3637A83D58F8AF0DF69239CCA678BF64848F3D9EFC653F4B7BC55D66150F49A
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\kl.ui.framework.uikit.b2c.dll
Type: executable
MD5:F01C9C2D3ED268A2E371A61DD9EF43A4
SHA256:8A428A5F78C052A43B917FD9C379145192A81D6CF9884BF7EC209DD8481C5C3F
PID: 5640
Process: kaspersky4win202121.20.8.505es_46444.exe
Filename: C:\Users\admin\AppData\Local\Temp\6A4360E650BEFE114BAE817F87F669EE\kl.setup.ui.core.dll
Type: executable
MD5:7222812CB257AC6AF69BEE410E3C37DA
SHA256:8CA644F5F2542478E9CC4B19E563B330BCEB917769A21EF38B9A9EE99B26D0A8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 20
TCP/UDP connections: 75
DNS requests: 69
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
23.215.121.133:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.215.121.133:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4024
svchost.exe
GET
200
23.215.121.133:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5640
kaspersky4win202121.20.8.505es_46444.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
1176
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6820
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3688
backgroundTaskHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
6820
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6424
kaspersky4win202121.20.8.505es_46444.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
23.215.121.133:80
AKAMAI-AS
DE
unknown
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
23.215.121.133:80
AKAMAI-AS
DE
unknown
4024
svchost.exe
23.215.121.133:80
AKAMAI-AS
DE
unknown
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
2.16.204.155:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1176
svchost.exe
40.126.31.67:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1176
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.206
whitelisted
www.bing.com
  • 2.16.204.155
  • 2.16.204.143
  • 2.16.204.145
  • 2.16.204.158
  • 2.16.204.161
  • 2.16.204.151
  • 2.16.204.135
  • 2.16.204.146
  • 2.16.204.152
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.75
  • 20.190.159.23
  • 20.190.159.2
  • 20.190.159.71
  • 40.126.31.2
  • 20.190.159.0
  • 40.126.31.129
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
ds.kaspersky.com
  • 82.202.185.146
  • 82.202.184.184
  • 81.19.104.172
  • 82.202.185.148
  • 62.67.238.152
  • 62.67.238.151
  • 82.202.184.193
whitelisted
dm.s.kaspersky-labs.com
  • 80.231.123.135
  • 195.122.169.10
  • 80.239.174.35
unknown
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
fd.api.iris.microsoft.com
  • 20.223.36.55
whitelisted

Threats

No threats detected
Process
Message
setup_ui.exe
LocalizationEngine Making localization parameters
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
Localization Resources scanned in assembly 'kl.setup.ui.interoplayer, Version=21.20.8.505, Culture=neutral, PublicKeyToken=null'. Resources count: 0.
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
Localization Resources scanned in assembly 'kl.ui.framework, Version=21.20.8.505, Culture=neutral, PublicKeyToken=null'. Resources count: 0.
setup_ui.exe
Localization Resources scanned in assembly 'kl.setup.ui, Version=21.20.8.505, Culture=neutral, PublicKeyToken=null'. Resources count: 0.
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
Localization Resources scanned in assembly 'kl.setup.ui.core, Version=21.20.8.505, Culture=neutral, PublicKeyToken=null'. Resources count: 0.
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
setup_ui.exe Information: 0 :