File name: eset_smart_security_premium_live_installer.exe

Full analysis: https://app.any.run/tasks/a25a7bba-8550-482a-929f-5ec73e067d41
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 13, 2025, 13:46:49
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 4B24C9F3D321A41BA190C2AFBBD062BB
SHA1: 8FDE83556D360D784D0BFAAEB79B6B99CD626363
SHA256: A99C9C3500155B0F6F6EC0AB35797D7A26F2D4018EAAFE93584A1C7EF0E2CCC4
SSDEEP: 98304:YJwm4Amt9PBynlg70Hcd9cOakgHxCd9t2rsJuc4BtLdQW6HB4Aacd/qdkcLQnOWP:uMmVrhmIUsCyIAiBmI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • eset_smart_security_premium_live_installer.exe (PID: 3676)
      • eset_smart_security_premium_live_installer.exe (PID: 4236)
    • Executable content was dropped or overwritten

      • eset_smart_security_premium_live_installer.exe (PID: 3676)
      • eset_smart_security_premium_live_installer.exe (PID: 4236)
    • The process verifies whether the antivirus software is installed

      • eset_smart_security_premium_live_installer.exe (PID: 4236)
    • There is functionality for taking screenshot (YARA)

      • eset_smart_security_premium_live_installer.exe (PID: 4236)
    • Connects to unusual port

      • eset_smart_security_premium_live_installer.exe (PID: 4236)
  • INFO

    • The sample compiled with english language support

      • eset_smart_security_premium_live_installer.exe (PID: 3676)
      • eset_smart_security_premium_live_installer.exe (PID: 4236)
    • Checks supported languages

      • eset_smart_security_premium_live_installer.exe (PID: 3676)
      • eset_smart_security_premium_live_installer.exe (PID: 4236)
      • BootHelper.exe (PID: 2972)
      • identity_helper.exe (PID: 2648)
    • Reads the computer name

      • eset_smart_security_premium_live_installer.exe (PID: 3676)
      • eset_smart_security_premium_live_installer.exe (PID: 4236)
      • identity_helper.exe (PID: 2648)
    • Create files in a temporary directory

      • eset_smart_security_premium_live_installer.exe (PID: 3676)
      • eset_smart_security_premium_live_installer.exe (PID: 4236)
    • Process checks computer location settings

      • eset_smart_security_premium_live_installer.exe (PID: 3676)
    • Reads the machine GUID from the registry

      • eset_smart_security_premium_live_installer.exe (PID: 4236)
    • Reads the software policy settings

      • eset_smart_security_premium_live_installer.exe (PID: 4236)
      • slui.exe (PID: 5564)
    • Application launched itself

      • msedge.exe (PID: 3624)
      • msedge.exe (PID: 3800)
      • msedge.exe (PID: 5184)
    • Manual execution by a user

      • msedge.exe (PID: 5184)
    • Reads Environment values

      • identity_helper.exe (PID: 2648)
    • Checks proxy server information

      • slui.exe (PID: 5564)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:10:07 15:11:18+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.41
CodeSize: 330752
InitializedDataSize: 10334208
UninitializedDataSize: -
EntryPoint: 0x2c7e0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 10.48.17.0
ProductVersionNumber: 18.0.2.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: ESET
FileDescription: ESET Live Installer
FileVersion: 10.48.17.0
InternalName: Bootstrapper.exe
LegalCopyright: Copyright (c) ESET, spol. s r.o. 1992-2024. All rights reserved.
LegalTrademarks: NOD, NOD32, AMON, ESET are registered trademarks of ESET.
OriginalFileName: Bootstrapper.exe
ProductName: ESET Security
ProductVersion: 18.0.2.0
No data.
All screenshots are available in the full report
Total processes: 163
Monitored processes: 32
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start eset_smart_security_premium_live_installer.exe eset_smart_security_premium_live_installer.exe boothelper.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 724
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6604,i,17475527598373014690,3374548781569410083,262144 --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Loaded images:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 984
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3648,i,17475527598373014690,3374548781569410083,262144 --variations-seed-version --mojo-platform-channel-handle=3696 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Loaded images:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5480,i,17475527598373014690,3374548781569410083,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Loaded images:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1036
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2232,i,17475527598373014690,3374548781569410083,262144 --variations-seed-version --mojo-platform-channel-handle=2684 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Loaded images:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1740
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1544,i,17475527598373014690,3374548781569410083,262144 --variations-seed-version --mojo-platform-channel-handle=2736 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Loaded images:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2288
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6636,i,17475527598373014690,3374548781569410083,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Loaded images:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2648
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6104,i,17475527598373014690,3374548781569410083,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 0
Version: 133.0.3065.92
Loaded images:
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
PID: 2972
CMD: "C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\BootHelper.exe" --watchdog 4236 --product "ESET Live Installer" 18.0.2.0 1033
Path: C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\BootHelper.exe
Parent process: eset_smart_security_premium_live_installer.exe
User: admin
Company: ESET
Integrity Level: HIGH
Description: ESET Live Installer
Version: 10.48.17.0
Loaded images:
c:\users\admin\appdata\local\temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\boothelper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 2996
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4180,i,17475527598373014690,3374548781569410083,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Loaded images:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3488
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=3952,i,17475527598373014690,3374548781569410083,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Loaded images:
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 12 686
Read events: 12 660
Write events: 26
Delete events: 0

Modification events

Process: (4236) eset_smart_security_premium_live_installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ESET\ESET Security\CurrentVersion\Plugins\01000400\settings
Operation: write
Name: LastUpdateCertTimestamp
Value: F996765100000000

Process: (4236) eset_smart_security_premium_live_installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

Process: (4236) eset_smart_security_premium_live_installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

Process: (4236) eset_smart_security_premium_live_installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (4236) eset_smart_security_premium_live_installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3624) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

Process: (3624) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

Process: (3800) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 1

Process: (3800) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

Process: (3800) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0
Executable files: 18
Suspicious files: 235
Text files: 61
Unknown types: 27

Dropped files

PID | Process | Filename | Type
4236 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\em000_32_l1.dll.nup | -
  MD5: -
  SHA256: -
4236 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\em000_32_l2.dll.nup | -
  MD5: -
  SHA256: -
4236 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\em045_32_l2.dll.nup | -
  MD5: -
  SHA256: -
3676 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\eset_smart_security_premium_live_installer.exe | executable
  MD5: E042423B19D722D147B8941DF2D6E7D4
  SHA256: B827CDC99D7C6A7FE5DDE679B058C6D9FFC500BACC206F4666034555B1DAC140
4236 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\acstest.exe | executable
  MD5: 0E78E89C9F55AD01B72F5BE795B18795
  SHA256: B33C79EE3B195AD49128806A19EAA3721D61CB337481265E0E7294864EE74259
4236 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\.erm\epi-base.zip | compressed
  MD5: 963CBFE7B2F86694EB72DA30E5827CE5
  SHA256: 78E94B38448BCBDDF7FBBDEE46593815F7352BFEC0925DAA01D56F818D899CB8
4236 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\eguiActivation.dll | executable
  MD5: F09CA35EB1BFFA0C094B947FBA7A4A56
  SHA256: DC426CFFFE5C3CE8012140AB65396A7D232D84BC5BDB508116EBA2B373E1A013
4236 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\sciter-x.dll | executable
  MD5: 5DF131B46F756C6D644EFA5B3A6D5F81
  SHA256: 42B33CC81733BE6115A8CB282F798B25C6CBBFD75BEFF4013C5D7CEFC5FB6ABA
4236 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\BootHelper.exe | executable
  MD5: 356ECBD9E3B07FAEB8DCB63AAB009B19
  SHA256: F8E24D10A678231CBCF40E80B8A7EFD9BB45288338928CBDD0A373D2CBA21306
4236 | eset_smart_security_premium_live_installer.exe | C:\Users\admin\AppData\Local\Temp\eset\bts.session\dbe34e9d-ef9a-43d3-a8c7-42aaea027750\plgInstaller.dll | executable
  MD5: F0BE7B26044A9CF8F948A9F0E1D61F2D
  SHA256: 60116FCAA4E27956E474374580A5F579F8F4D91C13F986FC05983311929BDE75
HTTP(S) requests: 96
TCP/UDP connections: 114
DNS requests: 74
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 302 | 2.16.206.7:443 | https://go.eset.com/detectav?product=eli | unknown | - | - | -
4236 | eset_smart_security_premium_live_installer.exe | GET | 200 | 91.228.166.23:80 | http://repository.eset.com/v1/com/eset/modules/av_detector/metadata3 | unknown | - | - | whitelisted
4236 | eset_smart_security_premium_live_installer.exe | GET | 200 | 91.228.166.23:80 | http://repository.eset.com/v1/com/eset/eulas/product/lg/ehsw/v3537/3537.0.5/eula-product-lg-ehsw.zip/eulaenu.html | unknown | - | - | whitelisted
- | - | GET | 200 | 91.228.166.154:443 | https://download.eset.com/special/detectav/detectav.xml | unknown | xml | 504 b | whitelisted
- | - | GET | 200 | 91.228.166.154:443 | https://download.eset.com/com/eset/tools/installers/av_detector/v1/1.100.0.0/detectavdb_windefend.dat | unknown | binary | 215 Kb | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1268 | svchost.exe | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 142.250.185.206 | whitelisted
crl.microsoft.com | 23.48.23.156, 23.48.23.143 | whitelisted
www.microsoft.com | 2.23.181.156 | whitelisted
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
repository.eset.com | 91.228.166.23 | whitelisted
iploc.eset.com | 20.224.75.204 | whitelisted
go.eset.com | 20.31.122.183 | whitelisted
download.eset.com | 91.228.166.154 | whitelisted
epns.eset.com | 91.228.165.147, 91.228.165.159 | whitelisted
activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted

Threats

No threats detected
No debug info