URL: https://cdn.kobo.com/downloads/desktop/kobodesktop/kobosetup.exe

Full analysis: https://app.any.run/tasks/f82672e9-d211-42bb-bdf5-a4c0537004ff
Verdict: Malicious activity
Analysis date: June 25, 2024, 08:59:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 50B3CE065230CF7147801ECD294AE676
SHA1: E724988441DA82263A3C8846F060D91CEB5BF9E8
SHA256: CB09105204EB7F6EE75D2F9BD9B96A8D044C807427831D2787A5A313B630725B
SSDEEP: 3:N8cd/BXK2WORKVKOK6A2KOKtAvA:2cdJa2WOROPrtvA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • kobosetup.exe (PID: 3336)
      • vcredist_x86.exe (PID: 3988)
      • vcredist_x86.exe (PID: 3992)
      • msiexec.exe (PID: 1164)
    • Changes the autorun value in the registry

      • vcredist_x86.exe (PID: 3992)
    • Creates a writable file in the system directory

      • msiexec.exe (PID: 1164)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • kobosetup.exe (PID: 3336)
      • vcredist_x86.exe (PID: 3988)
      • vcredist_x86.exe (PID: 3992)
    • Starts application with an unusual extension

      • kobosetup.exe (PID: 3336)
    • Uses TASKKILL.EXE to kill process

      • ns7AD7.tmp (PID: 3084)
    • Process drops legitimate windows executable

      • kobosetup.exe (PID: 3336)
      • vcredist_x86.exe (PID: 3988)
      • vcredist_x86.exe (PID: 3992)
      • msiexec.exe (PID: 1164)
    • The process creates files with name similar to system file names

      • kobosetup.exe (PID: 3336)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • kobosetup.exe (PID: 3336)
    • Searches for installed software

      • vcredist_x86.exe (PID: 3988)
      • vcredist_x86.exe (PID: 3992)
    • Executes as Windows Service

      • VSSVC.exe (PID: 4048)
    • Creates a software uninstall entry

      • vcredist_x86.exe (PID: 3992)
      • kobosetup.exe (PID: 3336)
    • Reads security settings of Internet Explorer

      • vcredist_x86.exe (PID: 3992)
    • Application launched itself

      • vcredist_x86.exe (PID: 3992)
    • Reads the Internet Settings

      • vcredist_x86.exe (PID: 3992)
      • Kobo.exe (PID: 2792)
    • Reads settings of System Certificates

      • vcredist_x86.exe (PID: 3992)
      • Kobo.exe (PID: 2792)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 1164)
      • vcredist_x86.exe (PID: 3992)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1164)
    • Checks for Java to be installed

      • Kobo.exe (PID: 2792)
  • INFO

    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3380)
    • Application launched itself

      • iexplore.exe (PID: 3380)
    • Reads the computer name

      • kobosetup.exe (PID: 3336)
      • wmpnscfg.exe (PID: 2748)
      • vcredist_x86.exe (PID: 3992)
      • vcredist_x86.exe (PID: 3988)
      • msiexec.exe (PID: 1164)
      • Kobo.exe (PID: 2792)
    • Create files in a temporary directory

      • kobosetup.exe (PID: 3336)
      • vcredist_x86.exe (PID: 3988)
      • vcredist_x86.exe (PID: 3992)
      • msiexec.exe (PID: 1164)
      • Kobo.exe (PID: 2792)
    • Checks supported languages

      • ns7AD7.tmp (PID: 3084)
      • wmpnscfg.exe (PID: 2748)
      • kobosetup.exe (PID: 3336)
      • vcredist_x86.exe (PID: 3992)
      • vcredist_x86.exe (PID: 3988)
      • msiexec.exe (PID: 1164)
      • Kobo.exe (PID: 2792)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3380)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3432)
      • msiexec.exe (PID: 1164)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2748)
      • Kobo.exe (PID: 2792)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 3432)
    • Creates files in the program directory

      • kobosetup.exe (PID: 3336)
      • vcredist_x86.exe (PID: 3992)
    • Reads the machine GUID from the registry

      • vcredist_x86.exe (PID: 3992)
      • msiexec.exe (PID: 1164)
      • kobosetup.exe (PID: 3336)
      • Kobo.exe (PID: 2792)
    • Reads the software policy settings

      • vcredist_x86.exe (PID: 3992)
      • msiexec.exe (PID: 1164)
    • Creates files or folders in the user directory

      • vcredist_x86.exe (PID: 3992)
      • Kobo.exe (PID: 2792)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1164)
No Malware configuration.
No data.
Total processes: 56
Monitored processes: 12
Malicious processes: 6
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe wmpnscfg.exe no specs kobosetup.exe no specs kobosetup.exe ns7ad7.tmp no specs taskkill.exe no specs vcredist_x86.exe vcredist_x86.exe vssvc.exe no specs msiexec.exe kobo.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 1164
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2428
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\kobosetup.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\kobosetup.exe
Parent process: iexplore.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\kobosetup.exe
c:\windows\system32\ntdll.dll
PID: 2652
CMD: taskkill /F /IM Kobo.exe
Path: C:\Windows\System32\taskkill.exe
Parent process: ns7AD7.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Terminates Processes
Exit code: 128
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
PID: 2748
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2792
CMD: "C:\Program Files\Kobo\Kobo.exe" --affiliate Kobo
Path: C:\Program Files\Kobo\Kobo.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Kobo Desktop Edition
Modules
Images
c:\program files\kobo\kobo.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\kobo\qtsolutions_singleapplication-2.6.dll
c:\program files\kobo\qt5widgets.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3084
CMD: "C:\Users\admin\AppData\Local\Temp\nss7A59.tmp\ns7AD7.tmp" taskkill /F /IM Kobo.exe
Path: C:\Users\admin\AppData\Local\Temp\nss7A59.tmp\ns7AD7.tmp
Parent process: kobosetup.exe
User: admin
Integrity Level: HIGH
Exit code: 128
Modules
Images
c:\users\admin\appdata\local\temp\nss7a59.tmp\ns7ad7.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3336
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\kobosetup.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\kobosetup.exe
Parent process: iexplore.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\kobosetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 3380
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://cdn.kobo.com/downloads/desktop/kobodesktop/kobosetup.exe"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3432
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3380 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3988
CMD: "C:\Program Files\Kobo\vcredist_x86.exe" /q -burn.unelevated BurnPipe.{79E293C7-0E13-4F8A-BBA5-241FCC6C0916} {9B75A1B1-3D08-4E49-858E-DD5C13632690} 3992
Path: C:\Program Files\Kobo\vcredist_x86.exe
Parent process: vcredist_x86.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Exit code: 0
Version: 11.0.61030.0
Modules
Images
c:\program files\kobo\vcredist_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
Total events: 42 036
Read events: 41 358
Write events: 631
Delete events: 47

Modification events

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31114973

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 220354696

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31114974

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: iexplore.exe (PID 3380)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Executable files: 82
Suspicious files: 595
Text files: 34
Unknown types: 3

Dropped files

PID: 3432
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\kobosetup.exe.dqzzdwk.partial
Type:
MD5:
SHA256:

PID: 3380
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\kobosetup.exe
Type:
MD5:
SHA256:

PID: 3432
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
Type: der
MD5: 1BFE0A81DB078EA084FF82FE545176FE
SHA256: 5BA8817F13EEE00E75158BAD93076AB474A068C6B52686579E0F728FDA68499F

PID: 3432
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\kobosetup[1].exe
Type: executable
MD5: 9BB1559FB100F01007E6208C86AE65E9
SHA256: 454389ADDE6BBAF519191F862E97D711662799B736736EEDF445BA8D320702B1

PID: 3432
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\5AFMOH1T.txt
Type: text
MD5: CDA95B8C2DCAC652E491A742DA6118BA
SHA256: 61C22A85CFC4040449BFCC745D4A9161BDE0ED383B758ACDAE5A4B33C3E24549

PID: 3432
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type: der
MD5: 2365869258DF7A66A2121B802CA4AFD9
SHA256: D6B1932822BBD72A8E78C771717D992142348F67D625A42393719FEFBE59B0ED

PID: 3432
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type: binary
MD5: CF525B248674A72191D7F71E14F7F10F
SHA256: 991C639C824664AFC9BAC910E8E30CD6A360D57450387D2BED8E4C3293F868AE

PID: 3432
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 6E5B8E29D697BFC4152646D3BE493ECB
SHA256: CEAB551FD836E118D1CD7F00FB4AB8A909CDB2B082DFBF5CA8983F3891F8EE57

PID: 3432
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
Type: binary
MD5: 7F6DD6C449B0D13A3B0A13B7F7184AAC
SHA256: AC9853B2E2E6C6F933702CA847E3EAE2E7E674A5C2C490C3A5F6D6A23C9D1D0C

PID: 3380
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF76E4A9B445E0376F.TMP
Type: binary
MD5: 6B70BAB54128AFE3C4C2CCC6595D0C6B
SHA256: 0E5C09BD4702DC5B66DFCE15D30A7E119AA45DD766E44E38414771B8F6C835AA

HTTP(S) requests: 13
TCP/UDP connections: 46
DNS requests: 21
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3432 | iexplore.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fd83cc15ab472c49 | US | | | unknown
3432 | iexplore.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?efa5239e04139ffd | US | | | unknown
1372 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 1.01 Kb | unknown
3380 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | unknown
3992 | vcredist_x86.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | DE | binary | 767 b | unknown
3380 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | US | binary | 471 b | unknown
1372 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | unknown
1060 | svchost.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?192ecb87e3aa49c5 | US | | | unknown
3992 | vcredist_x86.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | DE | binary | 519 b | unknown
3380 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | US | binary | 471 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
1372 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
2564 | svchost.exe | 239.255.255.250:3702 | | | | whitelisted
3432 | iexplore.exe | 104.18.37.155:443 | storeapi.kobo.com | CLOUDFLARENET | | unknown
3432 | iexplore.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | unknown
3432 | iexplore.exe | 142.250.186.67:80 | c.pki.goog | GOOGLE | US | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | | | | unknown
1372 | svchost.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | unknown
1372 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown

DNS requests

Domain | IP | Reputation
ctldl.windowsupdate.com | 199.232.214.172, 199.232.210.172 | whitelisted
c.pki.goog | 142.250.186.67 | unknown
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
crl.microsoft.com | 23.48.23.156, 23.48.23.143 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
ieonline.microsoft.com | 204.79.197.200 | whitelisted
go.microsoft.com | 69.192.162.125 | whitelisted

Threats

No threats detected
Process | Message
kobosetup.exe | ExecShellAsUser: DLL_PROCESS_ATTACH
kobosetup.exe | ExecShellAsUser: got desktop
kobosetup.exe | ExecShellAsUser: elevated process detected
kobosetup.exe | ExecShellAsUser: NSPIM_UNLOAD wait...
kobosetup.exe | ExecShellAsUser: thread finished
kobosetup.exe | ExecShellAsUser: NSPIM_UNLOAD
kobosetup.exe | ExecShellAsUser: DLL_PROCESS_DETACH
Kobo.exe | putenv "NICKEL_HOME=C:/Users/admin/AppData/Local/Kobo/Kobo Desktop Edition"
Kobo.exe | ( 0.321 @ main (0xe3270) / ui.debug) windir= "C:\Windows"
Kobo.exe | ( 1.601 @ main (0xe3270)) QSqlQuery::value: not positioned on a valid record