File name:

kaspersky4win202121.18.5.438aen_46538.exe

Full analysis: https://app.any.run/tasks/f46fd851-52a8-43cb-9bd8-49586b74a059
Verdict: Malicious activity
Analysis date: September 15, 2024, 17:52:45
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
antivm
kaspersky
safe
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

58E0821A78ED09A3E4FF8E28709B3575

SHA1:

06B5644AF0C59350D77B6A61A590445FD0A1FCC9

SHA256:

ABD71FAA64AE306F30912522ED7D5CC01A1BA97498376D24A0AB496E171B48C6

SSDEEP:

98304:Ca7U4cWF/Yp9GKoym6Vl9aKFFsbRcAZOk5qHPP13JApJCJPMt1o3ma2fwTT+Dj91:EMVBrN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • msiexec.exe (PID: 6992)
    • Antivirus name has been found in the command line (generic signature)

      • avp.exe (PID: 6788)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6644)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • drvinst.exe (PID: 3328)
      • avp.exe (PID: 6788)
      • upgrade_launcher.exe (PID: 6868)
    • Checks Windows Trust Settings

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • msiexec.exe (PID: 5904)
      • msiexec.exe (PID: 232)
      • drvinst.exe (PID: 3328)
      • avp.exe (PID: 6788)
    • Reads security settings of Internet Explorer

      • setup_ui.exe (PID: 4092)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • setup_ui.exe (PID: 1964)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • avp.exe (PID: 6788)
      • avpui.exe (PID: 5556)
    • Starts itself from another location

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6644)
    • Application launched itself

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • avp.exe (PID: 6788)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
    • Adds/modifies Windows certificates

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • avp.exe (PID: 6788)
    • The process verifies whether the antivirus software is installed

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • msiexec.exe (PID: 6992)
      • drvinst.exe (PID: 3328)
      • bcdedit.exe (PID: 5484)
      • conhost.exe (PID: 5984)
      • plugins-setup.exe (PID: 5656)
      • plugins-setup.exe (PID: 4976)
      • msiexec.exe (PID: 5904)
      • plugins-setup.exe (PID: 4604)
      • regsvr32.exe (PID: 4688)
      • msiexec.exe (PID: 232)
      • regsvr32.exe (PID: 6784)
      • regsvr32.exe (PID: 2368)
      • plugins-setup.exe (PID: 300)
      • avp.exe (PID: 6788)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • avpui.exe (PID: 6244)
      • avp.exe (PID: 1948)
      • msiexec.exe (PID: 6664)
      • avpui.exe (PID: 5556)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 5904)
    • Drops a system driver (possible attempt to evade defenses)

      • msiexec.exe (PID: 6664)
      • msiexec.exe (PID: 232)
      • msiexec.exe (PID: 5904)
      • drvinst.exe (PID: 3328)
      • msiexec.exe (PID: 6992)
      • avp.exe (PID: 6788)
    • Creates files in the driver directory

      • msiexec.exe (PID: 232)
      • drvinst.exe (PID: 3328)
      • msiexec.exe (PID: 6992)
      • avp.exe (PID: 6788)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 6992)
      • msiexec.exe (PID: 6664)
    • Creates/Modifies COM task schedule object

      • msiexec.exe (PID: 5904)
      • regsvr32.exe (PID: 4688)
      • regsvr32.exe (PID: 2368)
      • regsvr32.exe (PID: 6784)
    • Creates or modifies Windows services

      • avp.exe (PID: 6788)
    • There is functionality for VM detection (antiVM strings)

      • avp.exe (PID: 1948)
    • Executes as Windows Service

      • avp.exe (PID: 6788)
  • INFO

    • Reads the computer name

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • setup_ui.exe (PID: 4092)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6644)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • setup_ui.exe (PID: 1964)
      • msiexec.exe (PID: 5904)
      • msiexec.exe (PID: 6992)
      • msiexec.exe (PID: 6664)
      • msiexec.exe (PID: 232)
      • drvinst.exe (PID: 3328)
      • plugins-setup.exe (PID: 300)
      • avpui.exe (PID: 5556)
      • avp.exe (PID: 6788)
      • avp.exe (PID: 1948)
      • upgrade_launcher.exe (PID: 6868)
      • avpui.exe (PID: 6244)
    • Sends debugging messages

      • setup_ui.exe (PID: 4092)
      • setup_ui.exe (PID: 1964)
      • avp.exe (PID: 6788)
      • avpui.exe (PID: 6244)
      • avp.exe (PID: 1948)
      • avpui.exe (PID: 5556)
    • Checks supported languages

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • setup_ui.exe (PID: 4092)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6644)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • setup_ui.exe (PID: 1964)
      • msiexec.exe (PID: 5904)
      • msiexec.exe (PID: 6664)
      • msiexec.exe (PID: 232)
      • drvinst.exe (PID: 3328)
      • plugins-setup.exe (PID: 5656)
      • plugins-setup.exe (PID: 4604)
      • plugins-setup.exe (PID: 4976)
      • plugins-setup.exe (PID: 300)
      • msiexec.exe (PID: 6992)
      • avp.exe (PID: 6788)
      • avpui.exe (PID: 6244)
      • avpui.exe (PID: 5556)
      • avp.exe (PID: 1948)
      • upgrade_launcher.exe (PID: 6868)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6752)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 3272)
    • Create files in a temporary directory

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • msiexec.exe (PID: 6664)
    • Checks for the presence of KasperskyLab

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • avpui.exe (PID: 5556)
    • Creates files in the program directory

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • plugins-setup.exe (PID: 5656)
      • plugins-setup.exe (PID: 4604)
      • avp.exe (PID: 6788)
      • upgrade_launcher.exe (PID: 6868)
      • plugins-setup.exe (PID: 300)
    • Creates files or folders in the user directory

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • msiexec.exe (PID: 5904)
    • Reads the machine GUID from the registry

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • setup_ui.exe (PID: 4092)
      • setup_ui.exe (PID: 1964)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • msiexec.exe (PID: 5904)
      • msiexec.exe (PID: 232)
      • drvinst.exe (PID: 3328)
      • msiexec.exe (PID: 6992)
      • plugins-setup.exe (PID: 5656)
      • plugins-setup.exe (PID: 4604)
      • plugins-setup.exe (PID: 300)
      • avp.exe (PID: 6788)
      • avp.exe (PID: 1948)
      • avpui.exe (PID: 5556)
    • Process checks whether UAC notifications are on

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
    • The process uses the downloaded file

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • setup_ui.exe (PID: 4092)
      • setup_ui.exe (PID: 1964)
    • Process checks computer location settings

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • avp.exe (PID: 6788)
      • avpui.exe (PID: 5556)
    • Checks proxy server information

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • slui.exe (PID: 7020)
    • Reads the software policy settings

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6296)
      • slui.exe (PID: 5724)
      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • slui.exe (PID: 7020)
      • msiexec.exe (PID: 5904)
      • msiexec.exe (PID: 232)
      • drvinst.exe (PID: 3328)
      • avp.exe (PID: 6788)
    • Reads Environment values

      • kaspersky4win202121.18.5.438aen_46538.exe (PID: 6204)
      • avp.exe (PID: 6788)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5904)
      • msiexec.exe (PID: 6664)
      • msiexec.exe (PID: 232)
      • msiexec.exe (PID: 6992)
    • Application launched itself

      • msiexec.exe (PID: 5904)
    • Creates or modifies Windows services

      • msiexec.exe (PID: 232)
      • msiexec.exe (PID: 6992)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 5904)
    • Reads Microsoft Office registry keys

      • msiexec.exe (PID: 5904)
    • Reads the time zone

      • avp.exe (PID: 6788)
    • Reads CPU info

      • avp.exe (PID: 6788)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2000:04:01 13:47:06+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 248832
InitializedDataSize: 4413952
UninitializedDataSize: -
EntryPoint: 0x4260
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 21.18.5.438
ProductVersionNumber: 21.18.5.438
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Kaspersky
FileDescription: Kaspersky [21.18.5.438.0.301.0 (a)]
FileVersion: 21.18.5.438
LegalCopyright: © 2024 AO Kaspersky Lab
LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
ProductName: Kaspersky
ProductVersion: 21.18.5.438
InternalName: Setup
OriginalFileName: Setup.exe
No data.
All screenshots are available in the full report
Total processes
165
Monitored processes
30
Malicious processes
19
Suspicious processes
0

Behavior graph

start → kaspersky4win202121.18.5.438aen_46538.exe, setup_ui.exe, kaspersky4win202121.18.5.438aen_46538.exe, kaspersky4win202121.18.5.438aen_46538.exe, setup_ui.exe, sppextcomobj.exe (no specs), slui.exe, slui.exe, msiexec.exe, msiexec.exe, msiexec.exe, msiexec.exe, drvinst.exe, bcdedit.exe (no specs), conhost.exe (no specs), regsvr32.exe (no specs), regsvr32.exe (no specs), regsvr32.exe (no specs), regsvr32.exe (no specs), plugins-setup.exe (no specs), plugins-setup.exe (no specs), plugins-setup.exe (no specs), plugins-setup.exe (no specs), avp.exe, avpui.exe, avpui.exe (THREAT), avp.exe, upgrade_launcher.exe, kaspersky4win202121.18.5.438aen_46538.exe (no specs), kaspersky4win202121.18.5.438aen_46538.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 232
CMD: C:\Windows\System32\MsiExec.exe -Embedding 60156DE1044A2E58B20A3707EE671DA3 E Global\MSI0000
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 300
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\plugins-setup.exe" --install --browser=edge-new --config="C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\skin\resources\neutral\locs\plugins_config.lt"
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\plugins-setup.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
AO Kaspersky Lab
Integrity Level:
SYSTEM
Description:
Light Plugin Extension Registrar
Exit code:
0
Version:
30.1719.0.1660
Modules
Images
c:\program files (x86)\kaspersky lab\kaspersky 21.18\plugins-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\sspicli.dll
PID: 1948
CMD: -host -hostId=2484719374 -securityCookie=6788 -initParameters=
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\avp.exe
Parent process: avp.exe
User:
SYSTEM
Company:
AO Kaspersky Lab
Integrity Level:
SYSTEM
Description:
Kaspersky Lab launcher
Version:
21.4.0.0
Modules
Images
c:\program files (x86)\kaspersky lab\kaspersky 21.18\avp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 1964
CMD: "C:\Users\admin\AppData\Local\Temp\6418B685B837FE114B3E817F87F669EE\setup_ui.exe" -cp=objref:TUVPVwEAAAAAAAAAAAAAAMAAAAAAAABGgQIAAAAAAACQmoIlG0a1J6VkMTQEh5x2AggAADwY///iege865dLdTkAIwAHAEQARQBTAEsAVABPAFAALQBKAEcATABMAEoATABEAAAABwAxADkAMgAuADEANgA4AC4AMQAwADAALgAxADgAMAAAAAAACQD//wAAHgD//wAAEAD//wAACgD//wAAFgD//wAAHwD//wAADgD//wAAAAA=:
Path: C:\Users\admin\AppData\Local\Temp\6418B685B837FE114B3E817F87F669EE\setup_ui.exe
Parent process: kaspersky4win202121.18.5.438aen_46538.exe
User:
admin
Company:
Kaspersky
Integrity Level:
MEDIUM
Description:
Kaspersky [21.18.5.438.0.301.0 (a)]
Exit code:
0
Version:
21.18.5.438
Modules
Images
c:\users\admin\appdata\local\temp\6418b685b837fe114b3e817f87f669ee\setup_ui.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
PID: 2368
CMD: "C:\WINDOWS\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\shellex.dll" /s /i:"C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\ kiskavpure"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 3272
CMD: "C:\Users\admin\Desktop\kaspersky4win202121.18.5.438aen_46538.exe" -cleanup="C:\Users\admin\AppData\Local\Temp\16EA4E25B837FE114B3E817F87F669EE;6296"
Path: C:\Users\admin\Desktop\kaspersky4win202121.18.5.438aen_46538.exe
Parent process: kaspersky4win202121.18.5.438aen_46538.exe
User:
admin
Company:
Kaspersky
Integrity Level:
MEDIUM
Description:
Kaspersky [21.18.5.438.0.301.0 (a)]
Exit code:
0
Version:
21.18.5.438
Modules
Images
c:\users\admin\desktop\kaspersky4win202121.18.5.438aen_46538.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
PID: 3328
CMD: DrvInst.exe "4" "1" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\klimx64\klim6.inf" "9" "4750a1b23" "00000000000001CC" "WinSta0\Default" "00000000000001DC" "208" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\klimx64"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 4092
CMD: "C:\Users\admin\AppData\Local\Temp\16EA4E25B837FE114B3E817F87F669EE\setup_ui.exe" -cp=objref:TUVPVwEAAAAAAAAAAAAAAMAAAAAAAABGgQIAAAAAAAAbfTw4U5Bs0soxUsAmVSlgAmwAAJgY//9sOvSnvkGkKDkAIwAHAEQARQBTAEsAVABPAFAALQBKAEcATABMAEoATABEAAAABwAxADkAMgAuADEANgA4AC4AMQAwADAALgAxADgAMAAAAAAACQD//wAAHgD//wAAEAD//wAACgD//wAAFgD//wAAHwD//wAADgD//wAAAAA=:
Path: C:\Users\admin\AppData\Local\Temp\16EA4E25B837FE114B3E817F87F669EE\setup_ui.exe
Parent process: kaspersky4win202121.18.5.438aen_46538.exe
User:
admin
Company:
Kaspersky
Integrity Level:
MEDIUM
Description:
Kaspersky [21.18.5.438.0.301.0 (a)]
Exit code:
0
Version:
21.18.5.438
Modules
Images
c:\users\admin\appdata\local\temp\16ea4e25b837fe114b3e817f87f669ee\setup_ui.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
PID: 4604
CMD: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\plugins-setup.exe" --install --browser=chrome --config="C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\skin\resources\neutral\locs\plugins_config.lt"
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\plugins-setup.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
AO Kaspersky Lab
Integrity Level:
SYSTEM
Description:
Light Plugin Extension Registrar
Exit code:
0
Version:
30.1719.0.1660
Modules
Images
c:\program files (x86)\kaspersky lab\kaspersky 21.18\plugins-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\sspicli.dll
PID: 4688
CMD: "C:\WINDOWS\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\kpm_integration.dll" /s
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
65 899
Read events
57 864
Write events
7 925
Delete events
110

Modification events

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0\volatile
Operation: write
Name: cp_storedResolvedType
Value: -1

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0\volatile
Operation: write
Name: cp_storedResolvedProductTier
Value: 0

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0\volatile
Operation: write
Name: cp_storedResolvedStartupScenario
Value:

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0\volatile
Operation: write
Name: cp_storedResolvedType
Value: 4

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0\volatile
Operation: write
Name: cp_storedResolvedProductTier
Value: 230

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0\volatile
Operation: write
Name: cp_storedResolvedStartupScenario
Value: Free

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0\volatile
Operation: write
Name: PreferredUI
Value: 0

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0\volatile
Operation: write
Name: PreferredUI
Value: 1

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0
Operation: write
Name: TrashFiles
Value: C:\Users\admin\AppData\Local\Temp\discovery.cfg

PID: 6296
Process: kaspersky4win202121.18.5.438aen_46538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.18.5.438.0.301.0
Operation: write
Name: TrashFiles
Value: C:\Users\admin\AppData\Local\Temp\discovery.cfg C:\ProgramData\Kaspersky Lab Setup Files\KFA21.18.5.438.0.301.0
Executable files
1 144
Suspicious files
839
Text files
634
Unknown types
4

Dropped files

PID
Process
Filename
Type
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\16EA4E25B837FE114B3E817F87F669EE\setup.dll | Type: executable
MD5:147AAECC3BAD71192F6333A866794400
SHA256:C0946716F91EC37F9C30E3A27293D66F75466B2C1D0C03053992D3132BAB0611
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\kl-setup-2024-09-15-17-52-51_KAV.21.18.5.438.log | Type: text
MD5:FC24642568623D0635FB941BE66ED185
SHA256:7A961F296804F8906E4BE09A7D1BCBC9A960D51B7590089510F36225856A6B41
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\52E4AE62-738B-11EF-B4E3-18F7786F96EE\GuiStrings.loc | Type: html
MD5:09C4E9F41C4B8BFDB6BF8916AF730ECD
SHA256:57BF969D3C10D5BE0A4B31B8E530C1E005622C8DC809EE4FBD4C214F3B3E9A37
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\16EA4E25B837FE114B3E817F87F669EE\kl.setup.ui.core.dll | Type: executable
MD5:3D791DB3FB8DF9CFB95CDC1C89F576CF
SHA256:6FF013A27DAB58EFFD6B1FCC885E49302AC99A371C640F01001E036C4F06C6E0
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\52E4AE62-738B-11EF-B4E3-18F7786F96EE\downloader_neutral_KFA.ini | Type: text
MD5:2E10B2D4181D2F07D2DD305BD4285BD5
SHA256:CBB72CDC1E461226C7D0E49E7EF955F77DFEEF4F7FE12D0D8A8D0CF9658EDC78
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\16EA4E25B837FE114B3E817F87F669EE\kl.ui.framework.dll | Type: executable
MD5:676BDC05672D36E2EF7DE38AA83A2803
SHA256:79C7455735EB0B7E8B3CF46DA78B06FB81229169D85039AFAB44CA74FE3F9A43
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\16EA4E25B837FE114B3E817F87F669EE\kl.ui.framework.uikit.dll | Type: odttf
MD5:05B722EDF678407E6DA411924D11BF74
SHA256:41EB3558586EE2EACC0822B725FBA7F755F54C7B0AC450DFEBA5A59057192B44
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\52E4AE62-738B-11EF-B4E3-18F7786F96EE\GuiStrings_KFA.loc | Type: text
MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\kl-setup-2024-09-15-17-52-51_KFA.21.18.5.438.log | Type: text
MD5:FC24642568623D0635FB941BE66ED185
SHA256:7A961F296804F8906E4BE09A7D1BCBC9A960D51B7590089510F36225856A6B41
PID: 6296 | Process: kaspersky4win202121.18.5.438aen_46538.exe | Filename: C:\Users\admin\AppData\Local\Temp\16EA4E25B837FE114B3E817F87F669EE\kl.setup.ui.visuals.dll | Type: executable
MD5:70F74920E8265226EA92AAE61E555DF1
SHA256:6AC4FF8FD298F8F78C825EB714C801F026DB14A1862EEC9562952B59A2F862F8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
89
DNS requests
88
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6296
kaspersky4win202121.18.5.438aen_46538.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
360
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6516
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
360
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6788
avp.exe
GET
200
212.73.221.196:80
http://crl.kaspersky.com/cdp/KSNGlobalRootCAECC.crl
unknown
whitelisted
6204
kaspersky4win202121.18.5.438aen_46538.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
5904
msiexec.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
1280
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6788
avp.exe
GET
200
212.73.221.196:80
http://crl.kaspersky.com/cdp/KSNGlobalRootCAECC.crl
unknown
whitelisted
5904
msiexec.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHgDGEJFcIpBz28BuO60qVQ%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6516
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
6232
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6296
kaspersky4win202121.18.5.438aen_46538.exe
62.67.238.151:443
ds.kaspersky.com
LEVEL3
GB
whitelisted
6296
kaspersky4win202121.18.5.438aen_46538.exe
46.8.206.115:443
dm.s.kaspersky-labs.com
Solucions Valencianes i Noves Tecnologies SL
ES
whitelisted
6296
kaspersky4win202121.18.5.438aen_46538.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
6516
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6204
kaspersky4win202121.18.5.438aen_46538.exe
62.67.238.151:443
ds.kaspersky.com
LEVEL3
GB
whitelisted
6204
kaspersky4win202121.18.5.438aen_46538.exe
46.8.206.115:443
dm.s.kaspersky-labs.com
Solucions Valencianes i Noves Tecnologies SL
ES
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 142.250.185.206
whitelisted
ds.kaspersky.com
  • 62.67.238.151
  • 82.202.184.184
  • 62.67.238.152
  • 81.19.104.172
  • 82.202.185.148
  • 46.8.206.90
  • 82.202.184.193
whitelisted
dm.s.kaspersky-labs.com
  • 46.8.206.115
  • 195.122.169.10
  • 80.239.174.35
unknown
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
login.live.com
  • 40.126.32.140
  • 40.126.32.68
  • 20.190.160.14
  • 40.126.32.134
  • 40.126.32.72
  • 40.126.32.136
  • 40.126.32.76
  • 20.190.160.20
whitelisted
slscr.update.microsoft.com
  • 20.114.59.183
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.166.126.56
whitelisted

Threats

No threats detected
Process
Message
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
LocalizationEngine Making localization parameters
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
Core DisplayCulture = en-US DisplayCulture.FullLocalization = en FormatCulture = en-US
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
TextScaleService SystemScaleFactor '1' provided from Registry.
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
Core OS: Major=10, Minor=0, Build=19045, Type=Workstation
setup_ui.exe
setup_ui.exe Information: 0 :
setup_ui.exe
Core OS: Major=10, Minor=0, Build=19045, Type=Workstation