File name: kryptex-setup-latest.exe
Full analysis: https://app.any.run/tasks/79a982f2-2397-48c0-9862-727e410b646e
Verdict: Malicious activity
Analysis date: February 07, 2025, 23:20:18
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
MD5: 9A24E802CA465D7F9A8BF971593A6464
SHA1: 3D9385399719E12820B1B5317B19E45C3681F56D
SHA256: B4E55A822EB60B0A928108801E47F09EC6734DEC9932542C944F8F16A79382BC
SSDEEP: 6144:/54i7cAbg45R8G0oF+y8yzep0st4oPp0st4oUx7eb:/54Cg45anoF+ygpLt4oPpLt4oUx7g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • kryptex-setup-4.46.9.exe (PID: 7100)
    • Changes the autorun value in the registry

      • Kryptex.exe (PID: 6456)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • kryptex-setup-latest.exe (PID: 6244)
      • kryptex-setup-4.46.9.exe (PID: 7100)
    • Checks Windows Trust Settings

      • kryptex-setup-latest.exe (PID: 6244)
    • Reads the date of Windows installation

      • kryptex-setup-latest.exe (PID: 6244)
    • Executable content was dropped or overwritten

      • kryptex-setup-4.46.9.exe (PID: 7100)
      • Kryptex.exe (PID: 5028)
      • Kryptex.exe (PID: 6456)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • kryptex-setup-4.46.9.exe (PID: 7100)
    • The process creates files with name similar to system file names

      • kryptex-setup-4.46.9.exe (PID: 7100)
    • Drops 7-zip archiver for unpacking

      • kryptex-setup-4.46.9.exe (PID: 7100)
    • Creates a software uninstall entry

      • kryptex-setup-4.46.9.exe (PID: 7100)
    • Application launched itself

      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 6972)
    • Process drops legitimate windows executable

      • kryptex-setup-4.46.9.exe (PID: 7100)
    • The process executes via Task Scheduler

      • Kryptex.exe (PID: 6972)
    • Starts CMD.EXE for commands execution

      • Kryptex.exe (PID: 5028)
      • Kryptex.exe (PID: 6456)
    • Uses WMIC.EXE to obtain operating system information

      • Kryptex.exe (PID: 6456)
    • Starts application with an unusual extension

      • cmd.exe (PID: 1876)
    • Uses WMIC.EXE to obtain network information

      • cmd.exe (PID: 4672)
      • cmd.exe (PID: 6840)
      • cmd.exe (PID: 6712)
      • cmd.exe (PID: 6844)
    • Uses WMIC.EXE to obtain data on the virtual memory file swapping

      • Kryptex.exe (PID: 6456)
    • Uses WMIC.EXE to obtain local storage devices information

      • Kryptex.exe (PID: 6456)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 6732)
      • cmd.exe (PID: 6316)
  • INFO

    • Reads the computer name

      • kryptex-setup-latest.exe (PID: 6244)
      • kryptex-setup-4.46.9.exe (PID: 7100)
      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 6096)
      • Kryptex.exe (PID: 2572)
      • Kryptex.exe (PID: 6972)
      • Kryptex.exe (PID: 5028)
      • Kryptex.exe (PID: 3736)
      • Kryptex.exe (PID: 2680)
      • Kryptex.exe (PID: 6456)
      • pagefile.exe (PID: 1512)
    • Checks supported languages

      • kryptex-setup-latest.exe (PID: 6244)
      • kryptex-setup-4.46.9.exe (PID: 7100)
      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 4400)
      • Kryptex.exe (PID: 2572)
      • Kryptex.exe (PID: 6096)
      • Kryptex.exe (PID: 5028)
      • Kryptex.exe (PID: 6972)
      • Kryptex.exe (PID: 7036)
      • Kryptex.exe (PID: 3736)
      • Kryptex.exe (PID: 2680)
      • Kryptex.exe (PID: 6456)
      • Kryptex.exe (PID: 6980)
      • adlinfo.exe (PID: 6156)
      • chcp.com (PID: 6804)
      • pagefile.exe (PID: 1512)
      • adlinfo.exe (PID: 6828)
    • The sample compiled with english language support

      • kryptex-setup-latest.exe (PID: 6244)
      • kryptex-setup-4.46.9.exe (PID: 7100)
    • Checks proxy server information

      • kryptex-setup-latest.exe (PID: 6244)
      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 6972)
    • Creates files or folders in the user directory

      • kryptex-setup-latest.exe (PID: 6244)
      • kryptex-setup-4.46.9.exe (PID: 7100)
      • Kryptex.exe (PID: 4400)
      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 7036)
      • Kryptex.exe (PID: 2680)
      • Kryptex.exe (PID: 6096)
      • Kryptex.exe (PID: 6972)
      • Kryptex.exe (PID: 6456)
    • Reads the machine GUID from the registry

      • kryptex-setup-latest.exe (PID: 6244)
      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 6972)
    • Reads the software policy settings

      • kryptex-setup-latest.exe (PID: 6244)
      • Kryptex.exe (PID: 6972)
      • Kryptex.exe (PID: 5096)
    • Process checks computer location settings

      • kryptex-setup-latest.exe (PID: 6244)
      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 5028)
      • Kryptex.exe (PID: 6456)
      • Kryptex.exe (PID: 6972)
      • Kryptex.exe (PID: 6980)
    • Create files in a temporary directory

      • kryptex-setup-4.46.9.exe (PID: 7100)
      • Kryptex.exe (PID: 5028)
      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 6972)
      • Kryptex.exe (PID: 6456)
    • Creates files in the program directory

      • kryptex-setup-4.46.9.exe (PID: 7100)
    • Reads product name

      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 5028)
      • Kryptex.exe (PID: 6972)
      • Kryptex.exe (PID: 6456)
    • Reads Environment values

      • Kryptex.exe (PID: 5096)
      • Kryptex.exe (PID: 5028)
      • Kryptex.exe (PID: 6972)
      • Kryptex.exe (PID: 6456)
    • Manual execution by a user

      • Kryptex.exe (PID: 5096)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 6904)
      • WMIC.exe (PID: 6860)
      • WMIC.exe (PID: 4764)
      • WMIC.exe (PID: 6296)
      • WMIC.exe (PID: 6640)
      • WMIC.exe (PID: 7128)
      • WMIC.exe (PID: 4996)
      • WMIC.exe (PID: 6292)
    • Reads CPU info

      • Kryptex.exe (PID: 6456)
      • Kryptex.exe (PID: 6972)
    • Changes the display of characters in the console

      • cmd.exe (PID: 1876)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • Kryptex.exe (PID: 6456)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:01:29 12:16:47+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.42
CodeSize: 69120
InitializedDataSize: 161792
UninitializedDataSize: -
EntryPoint: 0x34a8
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Kryptex
FileDescription: Kryptex App Web Installer
FileVersion: 1.0.0.1
InternalName: kryptex-setup-latest.exe
LegalCopyright: Copyright Kryptex (C) 2024
OriginalFileName: kryptex-setup-latest.exe
ProductName: Kryptex
ProductVersion: 1.0.0.1
No data.
All screenshots are available in the full report
Total processes: 218
Monitored processes: 90
Malicious processes: 5
Suspicious processes: 1

Behavior graph

Processes shown in the graph, in order (processes marked "no specs" have no detail entry in the graph):

start, kryptex-setup-latest.exe, kryptex-setup-4.46.9.exe (no specs), kryptex-setup-4.46.9.exe, schtasks.exe (no specs), conhost.exe (no specs), schtasks.exe (no specs), conhost.exe (no specs), kryptex.exe (no specs), kryptex.exe (no specs), kryptex.exe (no specs), kryptex.exe, kryptex.exe, comppkgsrv.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), schtasks.exe (no specs), kryptex.exe (no specs), kryptex.exe (no specs), kryptex.exe (no specs), kryptex.exe, kryptex.exe, comppkgsrv.exe (no specs), wmic.exe (no specs), conhost.exe (no specs), kryptex.exe (no specs), reg.exe (no specs), conhost.exe (no specs), reg.exe (no specs), conhost.exe (no specs), adlinfo.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), conhost.exe (no specs), chcp.com (no specs), wmic.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), wmic.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), conhost.exe (no specs), pagefile.exe (no specs), conhost.exe (no specs), adlinfo.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), reg.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), reg.exe (no specs), reg.exe (no specs), conhost.exe (no specs), reg.exe (no specs), conhost.exe (no specs), reg.exe (no specs), conhost.exe (no specs), reg.exe (no specs), conhost.exe (no specs), adlinfo.exe (no specs), conhost.exe (no specs), adlinfo.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), wmic.exe (no specs), reg.exe (no specs), conhost.exe (no specs), reg.exe (no specs), conhost.exe (no specs), adlinfo.exe (no specs), conhost.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process

PID: 1144 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1200 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
PID: 1296 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: pagefile.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1380 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 1512 | CMD: "C:\Program Files\Kryptex\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\pagefile\build\Release\pagefile.exe" 16 16 | Path: C:\Program Files\Kryptex\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\pagefile\build\Release\pagefile.exe | Parent process: Kryptex.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\program files\kryptex\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\pagefile\build\release\pagefile.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1864 | CMD: schtasks /create /f /tn KryptexElevationV2FromStartup /xml "C:\Program Files\Kryptex\KryptexElevationFromStartup.xml" | Path: C:\Windows\SysWOW64\schtasks.exe | Parent process: kryptex-setup-4.46.9.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1864 | CMD: C:\Windows\System32\CompPkgSrv.exe -Embedding | Path: C:\Windows\System32\CompPkgSrv.exe | Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Component Package Support Server
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\comppkgsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1876 | CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "chcp" | Path: C:\Windows\System32\cmd.exe | Parent process: Kryptex.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 2040 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 2136 | CMD: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion | Path: C:\Windows\System32\reg.exe | Parent process: Kryptex.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
Total events: 12 764
Read events: 12 692
Write events: 18
Delete events: 54

Modification events

PID: 6244 | Process: kryptex-setup-latest.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write | Name: CachePrefix
Value:

PID: 6244 | Process: kryptex-setup-latest.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write | Name: CachePrefix
Value: Cookie:

PID: 6244 | Process: kryptex-setup-latest.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write | Name: CachePrefix
Value: Visited:

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\30437907-294f-51ea-92cc-027b1d3d13a2
Operation: write | Name: InstallLocation
Value: C:\Program Files\Kryptex

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\30437907-294f-51ea-92cc-027b1d3d13a2
Operation: write | Name: KeepShortcuts
Value: true

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\30437907-294f-51ea-92cc-027b1d3d13a2
Operation: write | Name: ShortcutName
Value: Kryptex

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\30437907-294f-51ea-92cc-027b1d3d13a2
Operation: write | Name: DisplayName
Value: Kryptex 4.46.9

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\30437907-294f-51ea-92cc-027b1d3d13a2
Operation: write | Name: UninstallString
Value: "C:\Program Files\Kryptex\Uninstall Kryptex.exe" /allusers

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\30437907-294f-51ea-92cc-027b1d3d13a2
Operation: write | Name: QuietUninstallString
Value: "C:\Program Files\Kryptex\Uninstall Kryptex.exe" /allusers /S

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\30437907-294f-51ea-92cc-027b1d3d13a2
Operation: write | Name: DisplayVersion
Value: 4.46.9
Executable files: 36
Suspicious files: 120
Text files: 16
Unknown types: 3

Dropped files

PID: 6244 | Process: kryptex-setup-latest.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\kryptex-setup-4.46.9[1].exe
MD5:
SHA256:

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsc9D5D.tmp\app-64.7z
MD5:
SHA256:

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Filename: C:\Program Files\Kryptex\icudtl.dat
MD5:
SHA256:

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Filename: C:\Program Files\Kryptex\LICENSES.chromium.html
MD5:
SHA256:

PID: 6244 | Process: kryptex-setup-latest.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: binary
MD5: E501274C0344BD3683A00B1BBAD08BA0
SHA256: 26063C93D81D3B18D710EBA76B8F6CA3282563D0CB8B56B9A8DF79550041FAB4

PID: 6244 | Process: kryptex-setup-latest.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: binary
MD5: 2597017B4CC625CAD701B79AD1AF2294
SHA256: 9E092BB9DEFF10BD3C6034DC5A5F876CFA6A29000FDA5E196D19640CAB700D49

PID: 6244 | Process: kryptex-setup-latest.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94E9323393A26E380A8C9780781AC995
Type: binary
MD5: 1EFE2A41C6B52E0C9B8E8A63840366FC
SHA256: 3DD05D0D2D6186F78175204E33509B38419B9089676D9BF8BAB95B16592490DA

PID: 6244 | Process: kryptex-setup-latest.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Type: binary
MD5: 2AAC023AFD81A7DD0B39D30BBF70FA3B
SHA256: A60B69C054FD810631A7E11A699A370555B1359BACFEDC1A18E3AC06738F2D0F

PID: 7100 | Process: kryptex-setup-4.46.9.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsc9D5D.tmp\StdUtils.dll
Type: executable
MD5: C6A6E03F77C313B267498515488C5740
SHA256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E

PID: 6244 | Process: kryptex-setup-latest.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Type: binary
MD5: 48294881740A7CA483FB5C86236A237E
SHA256: 713B324073193B09ACF791E0DA71F52FC54C2AB8B2EF8E5D4A3EE71CB9816DFE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 31
DNS requests: 18
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | | | whitelisted
6244 | kryptex-setup-latest.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | | | whitelisted
6244 | kryptex-setup-latest.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | | | whitelisted
6244 | kryptex-setup-latest.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDjwqosj9XXXwVnRyJHMOPo | unknown | | | whitelisted
6244 | kryptex-setup-latest.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | | | whitelisted
5300 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | | | whitelisted
5300 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | | | whitelisted
5064 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
| | 20.73.194.208:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1176 | svchost.exe | 40.126.31.71:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1176 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 92.123.104.33:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
6244 | kryptex-setup-latest.exe | 136.244.85.57:443 | www.kryptex.com | AS-CHOOPA | DE | unknown
6244 | kryptex-setup-latest.exe | 104.18.38.233:80 | ocsp.comodoca.com | CLOUDFLARENET | | whitelisted
6244 | kryptex-setup-latest.exe | 172.64.149.23:80 | ocsp.comodoca.com | CLOUDFLARENET | US | whitelisted
6244 | kryptex-setup-latest.exe | 23.48.23.37:443 | 9a7f6a3c-8431-438c-89d9-90924a59e618.akamaized.net | Akamai International B.V. | DE | whitelisted
6244 | kryptex-setup-latest.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 40.126.31.71
  • 40.126.31.0
  • 20.190.159.130
  • 20.190.159.75
  • 20.190.159.131
  • 20.190.159.129
  • 40.126.31.129
  • 20.190.159.23
whitelisted
www.bing.com
  • 92.123.104.33
  • 92.123.104.34
  • 92.123.104.38
  • 92.123.104.32
  • 92.123.104.31
  • 92.123.104.28
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
www.kryptex.com
  • 136.244.85.57
unknown
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.usertrust.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.sectigo.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
9a7f6a3c-8431-438c-89d9-90924a59e618.akamaized.net
  • 23.48.23.37
  • 23.48.23.58
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
whitelisted

Threats

No threats detected
No debug info