File name:

Kasperskyantivirus.exe

Full analysis: https://app.any.run/tasks/632263d9-9aff-4253-94bc-78989b4d9332
Verdict: Malicious activity
Analysis date: March 24, 2025, 23:55:45
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

61A23A5C02F19DDA41B5F63B48784A96

SHA1:

DEF21AB5C10BF3B4E5A5D2B2ABB5D00B8E2DEA18

SHA256:

B93B5CC63A5EE1981C074ABB7921A4BDB147197DC85DD1AF42305066736D8574

SSDEEP:

98304:N2uiieRyd72QsLDil92m3GJEDgZVQUjXq8doYSHm:Gmgw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • Kasperskyantivirus.exe (PID: 7588)
      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Kasperskyantivirus.exe (PID: 7588)

    • Starts itself from another location

      • Kasperskyantivirus.exe (PID: 7588)

    • Reads security settings of Internet Explorer

      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

    • Runs PING.EXE to delay simulation

      • cmd.exe (PID: 7696)
      • cmd.exe (PID: 8044)
      • cmd.exe (PID: 6964)
      • cmd.exe (PID: 1660)
      • cmd.exe (PID: 4724)
      • cmd.exe (PID: 5576)
      • cmd.exe (PID: 6132)
      • cmd.exe (PID: 7944)
      • cmd.exe (PID: 2984)
      • cmd.exe (PID: 8040)
      • cmd.exe (PID: 8048)
      • cmd.exe (PID: 7288)
      • cmd.exe (PID: 1056)
      • cmd.exe (PID: 7036)
      • cmd.exe (PID: 6416)

    • The executable file from the user directory is run by the CMD process

      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

    • Reads the date of Windows installation

      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

    • Executing commands from a ".bat" file

      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

    • Starts CMD.EXE for commands execution

      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 6852)
      • kaspsersky32.exe (PID: 3888)

    • Starts application with an unusual extension

      • cmd.exe (PID: 7696)
      • cmd.exe (PID: 8044)
      • cmd.exe (PID: 6964)
      • cmd.exe (PID: 1660)
      • cmd.exe (PID: 4724)
      • cmd.exe (PID: 5576)
      • cmd.exe (PID: 6132)
      • cmd.exe (PID: 7944)
      • cmd.exe (PID: 2984)
      • cmd.exe (PID: 8040)
      • cmd.exe (PID: 8048)
      • cmd.exe (PID: 7288)
      • cmd.exe (PID: 1056)
      • cmd.exe (PID: 6416)
      • cmd.exe (PID: 7036)

  • INFO

    • Reads the machine GUID from the registry

      • Kasperskyantivirus.exe (PID: 7588)
      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

    • Reads the computer name

      • Kasperskyantivirus.exe (PID: 7588)
      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

    • Checks supported languages

      • Kasperskyantivirus.exe (PID: 7588)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 7616)
      • chcp.com (PID: 7756)
      • kaspsersky32.exe (PID: 2140)
      • chcp.com (PID: 8104)
      • chcp.com (PID: 4428)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • chcp.com (PID: 1228)
      • chcp.com (PID: 720)
      • kaspsersky32.exe (PID: 7340)
      • chcp.com (PID: 7432)
      • kaspsersky32.exe (PID: 7576)
      • chcp.com (PID: 7692)
      • chcp.com (PID: 5244)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7888)
      • chcp.com (PID: 7784)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 4736)
      • chcp.com (PID: 3300)
      • kaspsersky32.exe (PID: 5680)
      • chcp.com (PID: 4756)
      • kaspsersky32.exe (PID: 1764)
      • chcp.com (PID: 4000)
      • chcp.com (PID: 5020)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)
      • chcp.com (PID: 5332)
      • chcp.com (PID: 5392)

    • Reads Environment values

      • Kasperskyantivirus.exe (PID: 7588)
      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

    • Creates files or folders in the user directory

      • Kasperskyantivirus.exe (PID: 7588)

    • Create files in a temporary directory

      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

    • Changes the display of characters in the console

      • cmd.exe (PID: 7696)
      • cmd.exe (PID: 8044)
      • cmd.exe (PID: 6964)
      • cmd.exe (PID: 1660)
      • cmd.exe (PID: 4724)
      • cmd.exe (PID: 5576)
      • cmd.exe (PID: 6132)
      • cmd.exe (PID: 7944)
      • cmd.exe (PID: 2984)
      • cmd.exe (PID: 8040)
      • cmd.exe (PID: 8048)
      • cmd.exe (PID: 7288)
      • cmd.exe (PID: 1056)
      • cmd.exe (PID: 7036)
      • cmd.exe (PID: 6416)

    • Process checks computer location settings

      • kaspsersky32.exe (PID: 7616)
      • kaspsersky32.exe (PID: 2140)
      • kaspsersky32.exe (PID: 7980)
      • kaspsersky32.exe (PID: 5552)
      • kaspsersky32.exe (PID: 1324)
      • kaspsersky32.exe (PID: 7340)
      • kaspsersky32.exe (PID: 7576)
      • kaspsersky32.exe (PID: 7888)
      • kaspsersky32.exe (PID: 2240)
      • kaspsersky32.exe (PID: 7992)
      • kaspsersky32.exe (PID: 5680)
      • kaspsersky32.exe (PID: 4736)
      • kaspsersky32.exe (PID: 1764)
      • kaspsersky32.exe (PID: 3888)
      • kaspsersky32.exe (PID: 6852)

    • Reads the software policy settings

      • slui.exe (PID: 7532)

    • Checks proxy server information

      • slui.exe (PID: 7532)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (63.1)
.exe | Win64 Executable (generic) (23.8)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)
.exe | Generic Win/DOS Executable (1.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:03:12 16:16:39+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 3261952
InitializedDataSize: 273920
UninitializedDataSize: -
EntryPoint: 0x31e43e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.24.5.2
ProductVersionNumber: 23.0.0.12
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: Kaspersky
FileDescription: kaspersky Antivirus
FileVersion: 1.24.5.2
InternalName: Kaspersky antivirus
LegalCopyright: 2025 Kaspersky Inc
LegalTrademarks: Kaspersky
OriginalFileName: Kaspersky antivirus
ProductName: Kaspersky Antivirus
ProductVersion: 23.0.0.12
AssemblyVersion: 23.0.0.12
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
202
Monitored processes
78
Malicious processes
30
Suspicious processes
0

Behavior graph

Click at the process to see the details
start kasperskyantivirus.exe kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs svchost.exe kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs slui.exe kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs kaspsersky32.exe cmd.exe no specs conhost.exe no specs chcp.com no specs ping.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
516\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
632ping -n 10 localhost C:\Windows\System32\PING.EXEcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
660ping -n 10 localhost C:\Windows\System32\PING.EXEcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
720chcp 65001C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
780ping -n 10 localhost C:\Windows\System32\PING.EXEcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
1056C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\MBnMk6LZBE1B.bat" "C:\Windows\System32\cmd.exekaspsersky32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
1132ping -n 10 localhost C:\Windows\System32\PING.EXEcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
1228chcp 65001C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
1324"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe" C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe
cmd.exe
User:
admin
Company:
Kaspersky
Integrity Level:
MEDIUM
Description:
kaspersky Antivirus
Exit code:
0
Version:
1.24.5.2
Modules
Images
c:\users\admin\appdata\roaming\kaspersky\kaspsersky32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1616ping -n 10 localhost C:\Windows\System32\PING.EXEcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
Total events
19 673
Read events
19 657
Write events
16
Delete events
0

Modification events

(PID) Process:(7616) kaspsersky32.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
(PID) Process:(7588) Kasperskyantivirus.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
(PID) Process:(7980) kaspsersky32.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
(PID) Process:(2140) kaspsersky32.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
(PID) Process:(5552) kaspsersky32.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
(PID) Process:(1324) kaspsersky32.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
(PID) Process:(7340) kaspsersky32.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
(PID) Process:(7576) kaspsersky32.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
(PID) Process:(7888) kaspsersky32.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
(PID) Process:(2240) kaspsersky32.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Kaspersky auto update
Value:
"C:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exe"
Executable files
1
Suspicious files
0
Text files
15
Unknown types
0

Dropped files

PID
Process
Filename
Type
7588Kasperskyantivirus.exeC:\Users\admin\AppData\Roaming\Kaspersky\kaspsersky32.exeexecutable
MD5:61A23A5C02F19DDA41B5F63B48784A96
SHA256:B93B5CC63A5EE1981C074ABB7921A4BDB147197DC85DD1AF42305066736D8574
7980kaspsersky32.exeC:\Users\admin\AppData\Local\Temp\dZ4DZxW84tz3.battext
MD5:0F5EA712EAAAC6674BC0A87E6B58D560
SHA256:32958782587FA1125F742FEFC9B4C8884E295335C8587D9C2861215D8B5E31F1
7616kaspsersky32.exeC:\Users\admin\AppData\Local\Temp\36voUaGUinM6.battext
MD5:D20719A6055C3F48B7622EC8EA53F52C
SHA256:C6E5A7E57134DAD0FEFB883914E549F70F41D95680FAC421D4A98B8165FC868C
2140kaspsersky32.exeC:\Users\admin\AppData\Local\Temp\03LS3CVpKHFt.battext
MD5:E53E57AA033AACEED7DA897E7097E78E
SHA256:B578B237D3B73897FB44D831E2BD60A97D9E99A515D900F44E2EDC4DC847E852
1324kaspsersky32.exeC:\Users\admin\AppData\Local\Temp\F2AB0sWXtzuB.battext
MD5:7F64AEBA010A57A0D8266F9D1112ED20
SHA256:6F8E74D8AB8A111E2F72A878A113303C12A0467961AE84E53D1D2B3FD551922A
5552kaspsersky32.exeC:\Users\admin\AppData\Local\Temp\dPwn1hjDShxM.battext
MD5:05D88520A2C1D5636F0FBA7F2A57908B
SHA256:FEC7C4499895667AC098B5BE13DF8245FD127B9692231C00FC7B174862C12C73
3888kaspsersky32.exeC:\Users\admin\AppData\Local\Temp\mBn3V5360rqX.battext
MD5:705D4760F3CEEC551DAE4ADEFB9F5090
SHA256:627F6779828BFF9818590C4F6E1893F59202EF4D8DEEB50FC6866A8CBCCFCA94
7340kaspsersky32.exeC:\Users\admin\AppData\Local\Temp\YiCZokRq0xWO.battext
MD5:26BEC8610BCD49C2E5015C627E0736FD
SHA256:6FA7D464FAAE6C0BC381FF5A721903F7D38925B623FCB37A6F5C2D8AA04B8A1C
4736kaspsersky32.exeC:\Users\admin\AppData\Local\Temp\0mOWWG6Pkecr.battext
MD5:D4A471ADE623C9208B2AC67D29C7FEEB
SHA256:17EE88D87833DC6B727C430E3595DD7822BA8B8608754B2D3866C5C0E029A6BB
7888kaspsersky32.exeC:\Users\admin\AppData\Local\Temp\0d4V2ILKl1iQ.battext
MD5:AAEFDCDA55E4FAE476756264D5B29810
SHA256:D2F2719C7713261C1CE3B3B5CF34D444AE86E24D1078CE423106DB7697B75B78
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
21
DNS requests
20
Threats
15

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
2.16.168.200:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
500
20.83.72.98:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
POST
500
40.91.76.224:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
192.168.100.255:137
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
2.16.168.200:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7304
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7532
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.238
whitelisted
mmdrza.ddns.net
malicious
crl.microsoft.com
  • 2.16.168.200
  • 2.16.168.199
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DNS Query to DynDNS Domain *.ddns .net
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Kasperskyantivirus.exe