Malware analysis kaspersky4win202121.15.8.493ru_45358.exe Malicious activity

Add for printing

File name:	kaspersky4win202121.15.8.493ru_45358.exe
Full analysis:	https://app.any.run/tasks/397f3dde-5fdd-4d81-9883-e9f278328867
Verdict:	Malicious activity
Analysis date:	December 06, 2023, 20:31:26
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	64D133C0A1FB94D5795443A6612BE05F
SHA1:	18C313FACF3BAA6AC6AD977C9BB559D0CDA6EDAA
SHA256:	B4061F69CC7C2F822AB9D3C120B0F816659FC463B951300277860290A3F08946
SSDEEP:	98304:Is7q/gFXDxYuq/anngc3dqq9rIAjoo7LM2pYTl4b+oRo058JPh0w/5ZoOps/cZ8l:iiQe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2728)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
SUSPICIOUS
- Process drops legitimate windows executable
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Reads settings of System Certificates
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Reads security settings of Internet Explorer
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Starts itself from another location
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2728)
- Checks Windows Trust Settings
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Reads the Internet Settings
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Application launched itself
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
- The process verifies whether the antivirus software is installed
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Adds/modifies Windows certificates
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
INFO
- Reads the computer name
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2728)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
  - wmpnscfg.exe (PID: 3080)
- Checks supported languages
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
  - wmpnscfg.exe (PID: 3080)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2728)
- Create files in a temporary directory
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Reads the machine GUID from the registry
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Checks proxy server information
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Process checks are UAC notifies on
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Creates files or folders in the user directory
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
- Creates files in the program directory
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Checks for the presence of KasperskyLab
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 2464)
  - kaspersky4win202121.15.8.493ru_45358.exe (PID: 3312)
- Manual execution by a user
  - wmpnscfg.exe (PID: 3080)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (76.4)
.exe	\|	Win32 Executable (generic) (12.4)
.exe	\|	Generic Win/DOS Executable (5.5)
.exe	\|	DOS Executable Generic (5.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2007:12:18 15:55:43+01:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.29
CodeSize:	232960
InitializedDataSize:	4247040
UninitializedDataSize:	-
EntryPoint:	0x4200
OSVersion:	6
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	21.15.8.493
ProductVersionNumber:	21.15.8.493
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Лаборатория Касперского
FileDescription:	Kaspersky [21.15.8.493.0.20.0]
FileVersion:	21.15.8.493
LegalCopyright:	© 2023 АО "Лаборатория Касперского"
LegalTrademarks:	Зарегистрированные товарные знаки и знаки обслуживания являются собственностью их правообладателей
ProductName:	Kaspersky
ProductVersion:	21.15.8.493
InternalName:	Setup
OriginalFileName:	Setup.exe

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

2464

"C:\Users\admin\Downloads\kaspersky4win202121.15.8.493ru_45358.exe"

C:\Users\admin\Downloads\kaspersky4win202121.15.8.493ru_45358.exe

explorer.exe

User:

admin

Company:

Лаборатория Касперского

Integrity Level:

MEDIUM

Description:

Kaspersky [21.15.8.493.0.20.0]

Exit code:

Version:

21.15.8.493

Modules

Images
c:\users\admin\downloads\kaspersky4win202121.15.8.493ru_45358.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

2728

"C:\Users\admin\Downloads\kaspersky4win202121.15.8.493ru_45358.exe" /-elevated=;"C:\Users\admin\Downloads\kaspersky4win202121.15.8.493ru_45358.exe"

C:\Users\admin\Downloads\kaspersky4win202121.15.8.493ru_45358.exe

kaspersky4win202121.15.8.493ru_45358.exe

User:

admin

Company:

Лаборатория Касперского

Integrity Level:

HIGH

Description:

Kaspersky [21.15.8.493.0.20.0]

Exit code:

Version:

21.15.8.493

Modules

Images
c:\users\admin\downloads\kaspersky4win202121.15.8.493ru_45358.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

3080

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Media Player Network Sharing Service Configuration Application

Exit code:

Version:

12.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

3312

"C:\Windows\temp\6EA41E976749EE118A62219A68C677ED\kaspersky4win202121.15.8.493ru_45358.exe" /-elevated=;"C:\Users\admin\Downloads\kaspersky4win202121.15.8.493ru_45358.exe"

C:\Windows\Temp\6EA41E976749EE118A62219A68C677ED\kaspersky4win202121.15.8.493ru_45358.exe

kaspersky4win202121.15.8.493ru_45358.exe

User:

admin

Company:

Лаборатория Касперского

Integrity Level:

HIGH

Description:

Kaspersky [21.15.8.493.0.20.0]

Exit code:

Version:

21.15.8.493

Modules

Images
c:\windows\temp\6ea41e976749ee118a62219a68c677ed\kaspersky4win202121.15.8.493ru_45358.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\local\temp\0e2d90a76749ee118a62219a68c677ed\setup.dll
c:\windows\system32\user32.dll

Add for printing

Total events

14 508

Read events

14 342

Write events

165

Delete events

Modification events


(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\KasperskyLabSetup\Setup21.15.8.493.0.20.0\volatile
Operation:	write	Name:	cp_storedResolvedType
Value: -1
(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\KasperskyLabSetup\Setup21.15.8.493.0.20.0\volatile
Operation:	write	Name:	cp_storedResolvedProductTier
Value: 0
(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\KasperskyLabSetup\Setup21.15.8.493.0.20.0\volatile
Operation:	write	Name:	PreferredUI
Value: 0
(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005A010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(2464) kaspersky4win202121.15.8.493ru_45358.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\736D0D46-9476-11EE-A826-12A9866C77DE\GuiStrings_KIS.loc		text
		MD5:64C574B77D78C2BDA28E2A6E3C50EF4A	SHA256:F4DF03AFEBC67A75D445672E9AB774D3DD6EA16B2E7AE0F2718387A6BD5240AD
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\54D0D6376749EE118A62219A68C677ED\kasperskylab.setup.ui.dll		executable
		MD5:5B8032DE52AD7AF543E6BBA902BC1682	SHA256:2DD2CA43DB0BC03F28CA628AF87F077B499D7267AFA055699303386719CD06C5
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\736D0D46-9476-11EE-A826-12A9866C77DE\html\install_programm.png		image
		MD5:92C2792890F65F1ACEC488D61CEEA7EF	SHA256:C70EEA5DC7403B9F786FAB442E51186D6DAC559EE7CBB3F9E47F97192126DBA5
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\kl-setup-2023-12-06-20-31-38_KAV.21.15.8.493.log		text
		MD5:1B393138FA5A50DB50E74F8AEC250C2C	SHA256:0C09F9B96122486F0DD57A0D09FF9B884D90DB45929CACE6CD9A472931B7320E
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\736D0D46-9476-11EE-A826-12A9866C77DE\html\product.svg		binary
		MD5:156768385A4231D38385D3C7B1298761	SHA256:616EFB7D9F2CC529C7A26569A3E1EFE4E9635C3F02DC6513C07A27B181440EF9
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\54D0D6376749EE118A62219A68C677ED\kasperskylab.ui.framework.uikit.dll		binary
		MD5:B77FEF38E2BA24C132060203AF15BFE2	SHA256:6A1458C6065A5AF4DDC4BDAA9CD41CFBDAC9411D04526225D46DFCACD4019B9A
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\54D0D6376749EE118A62219A68C677ED\kasperskylab.ui.framework.dll		executable
		MD5:89BDDD5F9AA7AFF6FDFA44A7F8EB8691	SHA256:BC294609A8D95D889C744186ABF5AF9FD83C382D3EFD595449632465F03812B7
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\736D0D46-9476-11EE-A826-12A9866C77DE\downloader_neutral_KIS.ini		text
		MD5:7D1EBECB49A1ABDDF80E36BCAB9C4924	SHA256:CC52C7F0764052AE08B0B0FF54212DE04A76487D7ED548D3825524AD18BC955C
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\736D0D46-9476-11EE-A826-12A9866C77DE\downloader_neutral.ini		text
		MD5:75E844DE7B33B0BE0E9FD902770DD09A	SHA256:0E93235D96833E71C4F38F36CF9F09AF126906884E27CFB88CFBEA4FFE15F4DA
2464	kaspersky4win202121.15.8.493ru_45358.exe	C:\Users\admin\AppData\Local\Temp\54D0D6376749EE118A62219A68C677ED\kasperskylab.setup.ui.visuals.dll		executable
		MD5:783977698C49B0D14A9C1A58707A6ED1	SHA256:6B1EF093643FF37D122EFF63DFB94FC5FAA7F600D19909077441837A9DB34031

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2464	kaspersky4win202121.15.8.493ru_45358.exe	GET	200	80.239.174.35:80	http://crl.kaspersky.com/aia/KasperskyLabPublicServicesRootCertificationAuthority.crt	unknown	binary	1.51 Kb	unknown
2464	kaspersky4win202121.15.8.493ru_45358.exe	GET	200	2.18.79.74:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c6d67f3a233f651e	unknown	compressed	65.2 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2464	kaspersky4win202121.15.8.493ru_45358.exe	62.67.238.152:443	ds.kaspersky.com	LEVEL3	GB	unknown
2464	kaspersky4win202121.15.8.493ru_45358.exe	80.239.174.35:80	crl.kaspersky.com	Telia Company AB	SE	unknown
2464	kaspersky4win202121.15.8.493ru_45358.exe	2.18.79.74:80	ctldl.windowsupdate.com	Akamai International B.V.	AT	unknown
2464	kaspersky4win202121.15.8.493ru_45358.exe	80.239.174.35:443	crl.kaspersky.com	Telia Company AB	SE	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
868	svchost.exe	23.52.121.156:80	armmf.adobe.com	AKAMAI-AS	DE	unknown
3312	kaspersky4win202121.15.8.493ru_45358.exe	62.67.238.152:443	ds.kaspersky.com	LEVEL3	GB	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
3312	kaspersky4win202121.15.8.493ru_45358.exe	80.239.174.35:443	crl.kaspersky.com	Telia Company AB	SE	unknown

DNS requests

Domain	IP	Reputation
ds.kaspersky.com	62.67.238.152 82.202.184.193 81.19.104.172 62.67.238.151 130.117.190.228 82.202.184.184 82.202.185.146	unknown
crl.kaspersky.com	80.239.174.35 213.248.110.148 213.248.110.150	whitelisted
ctldl.windowsupdate.com	2.18.79.74 2.18.79.82	whitelisted
dm.s.kaspersky-labs.com	80.239.174.35 213.248.110.150 213.248.110.148	unknown
armmf.adobe.com	23.52.121.156	whitelisted

Threats

No threats detected

Add for printing

Process	Message
kaspersky4win202121.15.8.493ru_45358.exe	kaspersky4win202121.15.8.493ru_45358.exe Information: 0 :
kaspersky4win202121.15.8.493ru_45358.exe	LocalizationEngine Trying to set LocalizationPropertiesManager.Culture to 'ru-RU'
kaspersky4win202121.15.8.493ru_45358.exe	LocalizationEngine Culture: ru-RU, LCID: 1049, Lang: ru-RU
kaspersky4win202121.15.8.493ru_45358.exe	LocalizationEngine Buildloc 'ru-RU' => loc: ru, region: RU, x:
kaspersky4win202121.15.8.493ru_45358.exe	kaspersky4win202121.15.8.493ru_45358.exe Information: 0 :
kaspersky4win202121.15.8.493ru_45358.exe	kaspersky4win202121.15.8.493ru_45358.exe Information: 0 :
kaspersky4win202121.15.8.493ru_45358.exe	kaspersky4win202121.15.8.493ru_45358.exe Information: 0 :
kaspersky4win202121.15.8.493ru_45358.exe	LocalizationEngine InstalledCultureName = ru-RU
kaspersky4win202121.15.8.493ru_45358.exe	kaspersky4win202121.15.8.493ru_45358.exe Information: 0 :
kaspersky4win202121.15.8.493ru_45358.exe	LocalizationEngine Reload localization

General Info

kaspersky4win202121.15.8.493ru_45358.exe

64D133C0A1FB94D5795443A6612BE05F

18C313FACF3BAA6AC6AD977C9BB559D0CDA6EDAA

B4061F69CC7C2F822AB9D3C120B0F816659FC463B951300277860290A3F08946

98304:Is7q/gFXDxYuq/anngc3dqq9rIAjoo7LM2pYTl4b+oRo058JPh0w/5ZoOps/cZ8l:iiQe

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Process drops legitimate windows executable

Reads settings of System Certificates

Reads security settings of Internet Explorer

Starts itself from another location

Checks Windows Trust Settings

Reads the Internet Settings

Application launched itself

The process verifies whether the antivirus software is installed

Adds/modifies Windows certificates

INFO

Reads the computer name

Checks supported languages

Create files in a temporary directory

Reads the machine GUID from the registry

Checks proxy server information

Process checks are UAC notifies on

Creates files or folders in the user directory

Creates files in the program directory

Checks for the presence of KasperskyLab

Manual execution by a user

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings