File name: kryptex-setup-latest.exe

Full analysis: https://app.any.run/tasks/09d6ec1e-b09e-4dfa-ba1a-3e83e165e3c7
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: December 04, 2024, 02:11:30
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
MD5: C7460D50917D4002B4711AD8D2880D98
SHA1: 23B9F862262EB1C9099098A64BB838BE005EC7AD
SHA256: 6FEE40CFBAA8BE085C641CBEA020BB84BCD6F535BFDBC79CBB60A1C1F798BC1B
SSDEEP: 6144:moGmx8A7nQFh2OcIFMJ+yPbp0st4oPp0st4oU8Y:moGWnQF8HIFMJfbpLt4oPpLt4oU8Y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • kryptex-setup-4.46.6.exe (PID: 6844)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • kryptex-setup-latest.exe (PID: 6276)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • kryptex-setup-4.46.6.exe (PID: 6844)
    • Executable content was dropped or overwritten

      • kryptex-setup-4.46.6.exe (PID: 6844)
      • Kryptex.exe (PID: 2928)
      • Kryptex.exe (PID: 4128)
    • Checks Windows Trust Settings

      • kryptex-setup-latest.exe (PID: 6276)
    • Drops 7-zip archiver for unpacking

      • kryptex-setup-4.46.6.exe (PID: 6844)
    • Process drops legitimate windows executable

      • kryptex-setup-4.46.6.exe (PID: 6844)
    • Starts CMD.EXE for commands execution

      • Kryptex.exe (PID: 2928)
      • Kryptex.exe (PID: 4128)
    • The process executes via Task Scheduler

      • Kryptex.exe (PID: 6236)
    • Application launched itself

      • Kryptex.exe (PID: 6236)
      • Kryptex.exe (PID: 7136)
    • Uses WMIC.EXE to obtain operating system information

      • Kryptex.exe (PID: 4128)
    • Starts application with an unusual extension

      • cmd.exe (PID: 7004)
    • Uses WMIC.EXE to obtain data on the virtual memory file swapping

      • Kryptex.exe (PID: 4128)
    • Uses WMIC.EXE to obtain network information

      • cmd.exe (PID: 6284)
      • cmd.exe (PID: 1472)
      • cmd.exe (PID: 3700)
      • cmd.exe (PID: 3700)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 396)
      • cmd.exe (PID: 2736)
    • Uses WMIC.EXE to obtain local storage devices information

      • Kryptex.exe (PID: 4128)
  • INFO

    • Reads the computer name

      • kryptex-setup-latest.exe (PID: 6276)
    • Checks supported languages

      • kryptex-setup-latest.exe (PID: 6276)
    • Checks proxy server information

      • kryptex-setup-latest.exe (PID: 6276)
    • Reads the machine GUID from the registry

      • kryptex-setup-latest.exe (PID: 6276)
    • Reads the software policy settings

      • kryptex-setup-latest.exe (PID: 6276)
    • Manual execution by a user

      • Kryptex.exe (PID: 7136)
    • Changes the display of characters in the console

      • cmd.exe (PID: 7004)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:11:26 12:41:08+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.42
CodeSize: 69120
InitializedDataSize: 161792
UninitializedDataSize: -
EntryPoint: 0x3458
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Kryptex
FileDescription: Kryptex App Web Installer
FileVersion: 1.0.0.1
InternalName: kryptex-setup-latest.exe
LegalCopyright: Copyright Kryptex (C) 2024
OriginalFileName: kryptex-setup-latest.exe
ProductName: Kryptex
ProductVersion: 1.0.0.1
No data.
All screenshots are available in the full report
Total processes: 297
Monitored processes: 174
Malicious processes: 3
Suspicious processes: 2

Behavior graph

[Interactive behavior graph not reproduced. Its node labels name the following processes, starting from kryptex-setup-latest.exe: kryptex-setup-4.46.6.exe, schtasks.exe, conhost.exe, kryptex.exe, comppkgsrv.exe, cmd.exe, wmic.exe, chcp.com, reg.exe, adlinfo.exe and pagefile.exe; most nodes are marked "no specs" in the original graph.]

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID 396 | CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDdiDelay /t REG_DWORD /d 0xa /f" | Path: C:\Windows\System32\cmd.exe | Parent process: Kryptex.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID 448 | CMD: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion | Path: C:\Windows\System32\reg.exe | Parent process: Kryptex.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
PID 732 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 836 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 880 | CMD: reg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion | Path: C:\Windows\System32\reg.exe | Parent process: Kryptex.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
PID 1200 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 1344 | CMD: wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress | Path: C:\Windows\System32\wbem\WMIC.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID 1472 | CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress" | Path: C:\Windows\System32\cmd.exe | Parent process: Kryptex.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID 1480 | CMD: wmic os get locale | Path: C:\Windows\System32\wbem\WMIC.exe | Parent process: Kryptex.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID 1480 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 17 153
Read events: 17 081
Write events: 18
Delete events: 54

Modification events

PID 6276 | Process: kryptex-setup-latest.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
PID 6276 | Process: kryptex-setup-latest.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
PID 6276 | Process: kryptex-setup-latest.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
PID 6844 | Process: kryptex-setup-4.46.6.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\30437907-294f-51ea-92cc-027b1d3d13a2 | Operation: write | Name: InstallLocation | Value: C:\Program Files\Kryptex
PID 6844 | Process: kryptex-setup-4.46.6.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\30437907-294f-51ea-92cc-027b1d3d13a2 | Operation: write | Name: KeepShortcuts | Value: true
PID 6844 | Process: kryptex-setup-4.46.6.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\30437907-294f-51ea-92cc-027b1d3d13a2 | Operation: write | Name: ShortcutName | Value: Kryptex
PID 6844 | Process: kryptex-setup-4.46.6.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\30437907-294f-51ea-92cc-027b1d3d13a2 | Operation: write | Name: DisplayName | Value: Kryptex 4.46.6
PID 6844 | Process: kryptex-setup-4.46.6.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\30437907-294f-51ea-92cc-027b1d3d13a2 | Operation: write | Name: UninstallString | Value: "C:\Program Files\Kryptex\Uninstall Kryptex.exe" /allusers
PID 6844 | Process: kryptex-setup-4.46.6.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\30437907-294f-51ea-92cc-027b1d3d13a2 | Operation: write | Name: QuietUninstallString | Value: "C:\Program Files\Kryptex\Uninstall Kryptex.exe" /allusers /S
PID 6844 | Process: kryptex-setup-4.46.6.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\30437907-294f-51ea-92cc-027b1d3d13a2 | Operation: write | Name: DisplayVersion | Value: 4.46.6
Executable files: 36
Suspicious files: 113
Text files: 16
Unknown types: 8

Dropped files

Columns: PID | Process | Filename | Type
PID 6276 | kryptex-setup-latest.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\kryptex-setup-4.46.6[1].exe | Type: -
  MD5: -
  SHA256: -
PID 6844 | kryptex-setup-4.46.6.exe | C:\Users\admin\AppData\Local\Temp\nsb250C.tmp\app-64.7z | Type: -
  MD5: -
  SHA256: -
PID 6844 | kryptex-setup-4.46.6.exe | C:\Program Files\Kryptex\icudtl.dat | Type: -
  MD5: -
  SHA256: -
PID 6844 | kryptex-setup-4.46.6.exe | C:\Program Files\Kryptex\LICENSES.chromium.html | Type: -
  MD5: -
  SHA256: -
PID 6844 | kryptex-setup-4.46.6.exe | C:\Users\admin\AppData\Local\Temp\nsb250C.tmp\SpiderBanner.dll | Type: executable
  MD5: 17309E33B596BA3A5693B4D3E85CF8D7
  SHA256: 996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
PID 6844 | kryptex-setup-4.46.6.exe | C:\Program Files\Kryptex\chrome_100_percent.pak | Type: pgc
  MD5: 109EE8FFD715C63E3E2248C2AD5CA559
  SHA256: B581F176C6BDBF8A152947FB37AF9C0E6D7651616408CB7312B336C37A704580
PID 6844 | kryptex-setup-4.46.6.exe | C:\Users\admin\AppData\Local\Temp\nsb250C.tmp\nsis7z.dll | Type: executable
  MD5: 80E44CE4895304C6A3A831310FBF8CD0
  SHA256: B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
PID 6844 | kryptex-setup-4.46.6.exe | C:\Program Files\Kryptex\locales\cs.pak | Type: pgc
  MD5: 43D386593E5A1E1171E8D4B44099DEAB
  SHA256: 901786DD658FE0D92C8164C602EB6C561671348705945527CBB1F762184F7EA0
PID 6844 | kryptex-setup-4.46.6.exe | C:\Program Files\Kryptex\locales\am.pak | Type: pgc
  MD5: D3C12CBCFD29ADB63F8314FE0FD3F8EC
  SHA256: D61B254715FD71356B55A700B4B818C050507DED9F7474225E6E1AA1825616B5
PID 6844 | kryptex-setup-4.46.6.exe | C:\Program Files\Kryptex\locales\ca.pak | Type: pgc
  MD5: E285AD8235B1EE37782EC312A1F26568
  SHA256: 39702855F1542560AA20A36F243A87C29488AC9F16C702CC775D8A451720B1C7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 13
TCP/UDP connections: 30
DNS requests: 11
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 302 | 136.244.85.57:443 | https://api.kryptex.com/api/v3/versions/stable | US | - | - | unknown
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 1.01 Kb | whitelisted
5340 | RUXIMICS.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 1.01 Kb | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | whitelisted
5340 | RUXIMICS.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | whitelisted
- | - | GET | 200 | 23.50.131.91:443 | https://9a7f6a3c-8431-438c-89d9-90924a59e618.akamaized.net/installer/4.46.6/kryptex-setup-4.46.6.exe | US | executable | 67.0 Mb | whitelisted
- | - | POST | 200 | 78.46.91.122:443 | https://sentry-app.kryptex.org/api/6/envelope/ | DE | binary | 2 b | whitelisted
- | - | POST | 200 | 78.46.91.122:443 | https://sentry-app.kryptex.org/api/6/envelope/ | DE | binary | 2 b | whitelisted
- | - | POST | 200 | 78.46.91.122:443 | https://sentry-app.kryptex.org/api/6/envelope/ | DE | binary | 2 b | whitelisted
- | - | POST | 429 | 78.46.91.122:443 | https://sentry-app.kryptex.org/api/6/envelope/ | DE | binary | 45 b | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5856 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5340 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 104.126.37.128:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6276 | kryptex-setup-latest.exe | 136.244.85.57:443 | api.kryptex.com | AS-CHOOPA | DE | unknown
5856 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.216.77.28:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6276 | kryptex-setup-latest.exe | 23.50.131.91:443 | 9a7f6a3c-8431-438c-89d9-90924a59e618.akamaized.net | Akamai International B.V. | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
www.bing.com
  • 104.126.37.128
  • 104.126.37.161
  • 104.126.37.179
  • 104.126.37.136
  • 104.126.37.153
whitelisted
google.com
  • 142.250.186.142
whitelisted
api.kryptex.com
  • 136.244.85.57
unknown
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
9a7f6a3c-8431-438c-89d9-90924a59e618.akamaized.net
  • 23.50.131.91
  • 23.50.131.69
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
sentry-app.kryptex.org
  • 78.46.91.122
whitelisted
self.events.data.microsoft.com
  • 20.189.173.24
whitelisted

Threats

No threats detected
No debug info