File name:

kaspersky4win202121.18.5.438en_46727.exe

Full analysis: https://app.any.run/tasks/fa25b979-ddfb-4b48-854a-50b12415b11f
Verdict: Malicious activity
Analysis date: August 06, 2024, 07:17:31
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

E093710DE498C854E3014A1277E5AFC7

SHA1:

34E3A148DA39D503DA4E94A9588456D328D62263

SHA256:

917468E45118ED61ED16185998516038408B275C0E89EC823CB76E6256B04147

SSDEEP:

98304:oa7U4cWFLYp9GKoyJvp6Vl9aKFFsbRcAZOk5qHPP13JApJCJPMt1o3ma2fwTT+Do:PMEzJll

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 3980)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • setup_ui.exe (PID: 6400)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)
      • setup_ui.exe (PID: 6544)

    • Checks Windows Trust Settings

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)

    • Reads the date of Windows installation

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)

    • Application launched itself

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)

    • Starts itself from another location

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 3980)

    • Executable content was dropped or overwritten

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 3980)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)

    • The process verifies whether the antivirus software is installed

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)

    • Adds/modifies Windows certificates

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)

  • INFO

    • Checks supported languages

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 3980)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)
      • setup_ui.exe (PID: 6400)
      • setup_ui.exe (PID: 6544)

    • Reads the computer name

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)
      • setup_ui.exe (PID: 6400)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 3980)
      • setup_ui.exe (PID: 6544)

    • Create files in a temporary directory

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)

    • Reads the machine GUID from the registry

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • setup_ui.exe (PID: 6400)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)
      • setup_ui.exe (PID: 6544)

    • Checks proxy server information

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)

    • Reads the software policy settings

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)

    • Process checks whether UAC notifications are on

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)

    • Creates files in the program directory

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)

    • Creates files or folders in the user directory

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)

    • Process checks computer location settings

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)

    • Checks for the presence of KasperskyLab

      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6816)
      • kaspersky4win202121.18.5.438en_46727.exe (PID: 6496)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2000:04:01 13:47:06+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 248832
InitializedDataSize: 4416512
UninitializedDataSize: -
EntryPoint: 0x4260
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 21.18.5.438
ProductVersionNumber: 21.18.5.438
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Kaspersky
FileDescription: Kaspersky [21.18.5.438.0.43.0]
FileVersion: 21.18.5.438
LegalCopyright: © 2024 AO Kaspersky Lab
LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
ProductName: Kaspersky
ProductVersion: 21.18.5.438
InternalName: Setup
OriginalFileName: Setup.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
139
Monitored processes
5
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start kaspersky4win202121.18.5.438en_46727.exe setup_ui.exe kaspersky4win202121.18.5.438en_46727.exe kaspersky4win202121.18.5.438en_46727.exe setup_ui.exe

Process information

PID
CMD
Path
Indicators
Parent process
3980"C:\Users\admin\Downloads\kaspersky4win202121.18.5.438en_46727.exe" /-elevated=;"C:\Users\admin\Downloads\kaspersky4win202121.18.5.438en_46727.exe"C:\Users\admin\Downloads\kaspersky4win202121.18.5.438en_46727.exe
kaspersky4win202121.18.5.438en_46727.exe
User:
admin
Company:
Kaspersky
Integrity Level:
HIGH
Description:
Kaspersky [21.18.5.438.0.43.0]
Version:
21.18.5.438
Modules
Images
c:\users\admin\downloads\kaspersky4win202121.18.5.438en_46727.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
6400"C:\Users\admin\AppData\Local\Temp\FAB4BC004C35FE114B3E817F87F669EE\setup_ui.exe" -cp=objref:TUVPVwEAAAAAAAAAAAAAAMAAAAAAAABGgQIAAAAAAAAdd5eZR2yOyXOg/cC1pt3qAsAAAKAa//8NsXfMDeBryzkAIwAHAEQARQBTAEsAVABPAFAALQBKAEcATABMAEoATABEAAAABwAxADkAMgAuADEANgA4AC4AMQAwADAALgAxADMAMAAAAAAACQD//wAAHgD//wAAEAD//wAACgD//wAAFgD//wAAHwD//wAADgD//wAAAAA=:C:\Users\admin\AppData\Local\Temp\FAB4BC004C35FE114B3E817F87F669EE\setup_ui.exe
kaspersky4win202121.18.5.438en_46727.exe
User:
admin
Company:
Kaspersky
Integrity Level:
MEDIUM
Description:
Kaspersky [21.18.5.438.0.43.0]
Version:
21.18.5.438
Modules
Images
c:\users\admin\appdata\local\temp\fab4bc004c35fe114b3e817f87f669ee\setup_ui.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
6496"C:\Users\admin\Downloads\kaspersky4win202121.18.5.438en_46727.exe" C:\Users\admin\Downloads\kaspersky4win202121.18.5.438en_46727.exe
explorer.exe
User:
admin
Company:
Kaspersky
Integrity Level:
MEDIUM
Description:
Kaspersky [21.18.5.438.0.43.0]
Version:
21.18.5.438
Modules
Images
c:\users\admin\downloads\kaspersky4win202121.18.5.438en_46727.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
6544"C:\Users\admin\AppData\Local\Temp\110E256F3C35FE114B3E817F87F669EE\setup_ui.exe" -cp=objref:TUVPVwEAAAAAAAAAAAAAAMAAAAAAAABGgQIAAAAAAAD8PsN4d/vfYQAXLdQJSl2+AhgAAGAZ//8l7XpZ1SCQXjkAIwAHAEQARQBTAEsAVABPAFAALQBKAEcATABMAEoATABEAAAABwAxADkAMgAuADEANgA4AC4AMQAwADAALgAxADMAMAAAAAAACQD//wAAHgD//wAAEAD//wAACgD//wAAFgD//wAAHwD//wAADgD//wAAAAA=:C:\Users\admin\AppData\Local\Temp\110E256F3C35FE114B3E817F87F669EE\setup_ui.exe
kaspersky4win202121.18.5.438en_46727.exe
User:
admin
Company:
Kaspersky
Integrity Level:
MEDIUM
Description:
Kaspersky [21.18.5.438.0.43.0]
Exit code:
0
Version:
21.18.5.438
Modules
Images
c:\users\admin\appdata\local\temp\110e256f3c35fe114b3e817f87f669ee\setup_ui.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
6816"C:\WINDOWS\temp\B80E5B004C35FE114B3E817F87F669EE\kaspersky4win202121.18.5.438en_46727.exe" /-elevated=;"C:\Users\admin\Downloads\kaspersky4win202121.18.5.438en_46727.exe"C:\Windows\Temp\B80E5B004C35FE114B3E817F87F669EE\kaspersky4win202121.18.5.438en_46727.exe
kaspersky4win202121.18.5.438en_46727.exe
User:
admin
Company:
Kaspersky
Integrity Level:
HIGH
Description:
Kaspersky [21.18.5.438.0.43.0]
Version:
21.18.5.438
Modules
Images
c:\windows\temp\b80e5b004c35fe114b3e817f87f669ee\kaspersky4win202121.18.5.438en_46727.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
Total events
16 974
Read events
16 788
Write events
182
Delete events
4

Modification events

(PID) Process:(6496) kaspersky4win202121.18.5.438en_46727.exeKey:HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.43.0\volatile
Operation:writeName:cp_storedResolvedType
Value:
-1
(PID) Process:(6496) kaspersky4win202121.18.5.438en_46727.exeKey:HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.43.0\volatile
Operation:writeName:cp_storedResolvedProductTier
Value:
0
(PID) Process:(6496) kaspersky4win202121.18.5.438en_46727.exeKey:HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.43.0\volatile
Operation:writeName:cp_storedResolvedStartupScenario
Value:
(PID) Process:(6496) kaspersky4win202121.18.5.438en_46727.exeKey:HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.43.0\volatile
Operation:writeName:cp_storedResolvedType
Value:
4
(PID) Process:(6496) kaspersky4win202121.18.5.438en_46727.exeKey:HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.43.0\volatile
Operation:writeName:cp_storedResolvedProductTier
Value:
230
(PID) Process:(6496) kaspersky4win202121.18.5.438en_46727.exeKey:HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.43.0\volatile
Operation:writeName:cp_storedResolvedStartupScenario
Value:
Free
(PID) Process:(6496) kaspersky4win202121.18.5.438en_46727.exeKey:HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.43.0\volatile
Operation:writeName:PreferredUI
Value:
0
(PID) Process:(6496) kaspersky4win202121.18.5.438en_46727.exeKey:HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.43.0\volatile
Operation:writeName:PreferredUI
Value:
1
(PID) Process:(6544) setup_ui.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6544) setup_ui.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
35
Suspicious files
22
Text files
48
Unknown types
1

Dropped files

PID
Process
Filename
Type
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\F652E012-53C3-11EF-B4E3-18F7786F96EE\GuiStrings_KFA.loctext
MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\110E256F3C35FE114B3E817F87F669EE\setup_ui.exeexecutable
MD5:60A17A87D43A8C5AA21BEC4756789C53
SHA256:3B05987E36BB354A6CCE31B444A21F2F943B87BC6A9BA496B4B1717138F7FC4E
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\kl-setup-2024-08-06-07-17-40_KAV.21.18.5.438.logtext
MD5:644FEBD0640C10BCEC2B526CBD9B475B
SHA256:29CB14DD70BC8E533A7F498BEE7320E38B9C79DB7377365BD2BDA3BF75659001
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\F652E012-53C3-11EF-B4E3-18F7786F96EE\GuiStrings.lochtml
MD5:09C4E9F41C4B8BFDB6BF8916AF730ECD
SHA256:57BF969D3C10D5BE0A4B31B8E530C1E005622C8DC809EE4FBD4C214F3B3E9A37
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\F652E012-53C3-11EF-B4E3-18F7786F96EE\downloader_neutral_KFA.initext
MD5:2E10B2D4181D2F07D2DD305BD4285BD5
SHA256:CBB72CDC1E461226C7D0E49E7EF955F77DFEEF4F7FE12D0D8A8D0CF9658EDC78
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\110E256F3C35FE114B3E817F87F669EE\kl.setup.ui.dllexecutable
MD5:3C7D941E01763DB131F05CD5E17909D0
SHA256:A985540C3DEDAB11D80FAA0537FFC3E91F3F778DA28F7D60DFF3CCBBEC97DE74
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\F652E012-53C3-11EF-B4E3-18F7786F96EE\downloader_neutral.initext
MD5:635000D027160A52E2320AD7D4B0A857
SHA256:8E6025B49C9D1F8B3134357125D01B71EBD69258E7F90E97C0B3BF8D3886D1C6
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\110E256F3C35FE114B3E817F87F669EE\kl.setup.ui.core.dllexecutable
MD5:3D791DB3FB8DF9CFB95CDC1C89F576CF
SHA256:6FF013A27DAB58EFFD6B1FCC885E49302AC99A371C640F01001E036C4F06C6E0
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\110E256F3C35FE114B3E817F87F669EE\sharpvectorconverterswpf.dllexecutable
MD5:9ED0B05697672396A56F9D5C249B7C53
SHA256:93A87C48B86A10F6C0E59827AE90E7AF45A0FC61F92DF2A64EE47E4219B3873F
6496kaspersky4win202121.18.5.438en_46727.exeC:\Users\admin\AppData\Local\Temp\kl-setup-2024-08-06-07-17-40_KFA.21.18.5.438.logtext
MD5:644FEBD0640C10BCEC2B526CBD9B475B
SHA256:29CB14DD70BC8E533A7F498BEE7320E38B9C79DB7377365BD2BDA3BF75659001
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
62
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6496
kaspersky4win202121.18.5.438en_46727.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
1568
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1568
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
7132
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6264
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4100
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
3720
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6496
kaspersky4win202121.18.5.438en_46727.exe
62.67.238.152:443
ds.kaspersky.com
LEVEL3
GB
unknown
4
System
192.168.100.255:137
whitelisted
6496
kaspersky4win202121.18.5.438en_46727.exe
195.122.169.10:443
dm.s.kaspersky-labs.com
LEVEL3
DE
unknown
6496
kaspersky4win202121.18.5.438en_46727.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4100
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
google.com
  • 142.250.185.78
whitelisted
ds.kaspersky.com
  • 62.67.238.152
  • 62.67.238.151
  • 81.19.104.73
  • 82.202.185.146
  • 82.202.185.148
  • 81.19.104.172
  • 82.202.184.193
whitelisted
dm.s.kaspersky-labs.com
  • 195.122.169.10
  • 109.248.196.5
  • 212.73.221.196
unknown
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.bing.com
  • 95.100.146.10
  • 95.100.146.11
  • 95.100.146.34
  • 95.100.146.18
  • 95.100.146.40
  • 95.100.146.9
  • 95.100.146.19
  • 95.100.146.25
  • 95.100.146.27
whitelisted
login.live.com
  • 20.190.160.22
  • 20.190.160.17
  • 40.126.32.133
  • 20.190.160.14
  • 40.126.32.74
  • 40.126.32.72
  • 40.126.32.136
  • 20.190.160.20
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
th.bing.com
  • 95.100.146.10
  • 95.100.146.16
  • 95.100.146.27
  • 95.100.146.33
  • 95.100.146.35
  • 95.100.146.11
  • 95.100.146.32
  • 95.100.146.40
  • 95.100.146.26
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

No threats detected
Process
Message
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
LocalizationEngine Making localization parameters
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
Core DisplayCulture = en-GB DisplayCulture.FullLocalization = en-GB FormatCulture = en-US
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
Core OS: Major=10, Minor=0, Build=19045, Type=Workstation
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
Core OS: Major=10, Minor=0, Build=19045, Type=Workstation
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
TextScaleService IsEnabled is set to True.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
kaspersky4win202121.18.5.438en_46727.exe