File name: kav21.3.10.391abcdefghijklen_26157.exe

Full analysis: https://app.any.run/tasks/50db4424-e80a-4605-85ab-c1ea9de78467
Verdict: Malicious activity
Analysis date: December 09, 2024, 08:19:47
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 69DD39AAD54AB8646E9FC520CEC1DD01
SHA1: 0723D4FE16B5DF6589CE60F3EF44E09F1B10B3F6
SHA256: F367025F71C510F9A71DC57F104E92B57D3614FC6FE221CFF4202AFE091DE1A3
SSDEEP: 98304:SKBwrBZbYrniSos+jMPSyK88tXmgeYXRlPdjE48/V1otBbQEIHoEdni8RJwjhvdI:cIv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
    • Application launched itself

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
    • Reads Microsoft Outlook installation path

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
    • Checks Windows Trust Settings

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
    • Reads security settings of Internet Explorer

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
    • The process verifies whether the antivirus software is installed

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
  • INFO

    • Create files in a temporary directory

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
    • Reads the computer name

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
      • TEST_WPF.EXE (PID: 4392)
    • Checks supported languages

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
    • Checks for the presence of KasperskyLab

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
    • Reads the machine GUID from the registry

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
      • TEST_WPF.EXE (PID: 4392)
      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
    • Checks proxy server information

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
    • The process uses the downloaded file

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
    • Creates files in the program directory

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
    • Drops encrypted VBS script (Microsoft Script Encoder)

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 3364)
    • Process checks whether UAC notifications are on

      • kav21.3.10.391abcdefghijklen_26157.exe (PID: 6676)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1972:01:30 11:30:30+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 302080
InitializedDataSize: 2372096
UninitializedDataSize: -
EntryPoint: 0x24c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 21.3.10.391
ProductVersionNumber: 21.3.10.391
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Kaspersky
FileDescription: Kaspersky Anti-Virus [21.3.10.391.0.2472.0 (a.b.c.d.e.f.g.h.i.j.k.l)]
FileVersion: 21.3.10.391
LegalCopyright: © 2021 AO Kaspersky Lab
LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
ProductName: Kaspersky Anti-Virus
ProductVersion: 21.3.10.391
InternalName: Setup
OriginalFileName: Setup.exe
No data.
All screenshots are available in the full report
Total processes
127
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

start kav21.3.10.391abcdefghijklen_26157.exe kav21.3.10.391abcdefghijklen_26157.exe test_wpf.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3364
"C:\Users\admin\AppData\Local\Temp\kav21.3.10.391abcdefghijklen_26157.exe" /-elevated=C:\Users\admin\AppData\Local\Temp\kav21.3.10.391abcdefghijklen_26157.exe
kav21.3.10.391abcdefghijklen_26157.exe
User:
admin
Company:
Kaspersky
Integrity Level:
HIGH
Description:
Kaspersky Anti-Virus [21.3.10.391.0.2472.0 (a.b.c.d.e.f.g.h.i.j.k.l)]
Version:
21.3.10.391
Modules
Images
c:\users\admin\appdata\local\temp\kav21.3.10.391abcdefghijklen_26157.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\dbghelp.dll
4392
"C:\Users\admin\AppData\Local\Temp\66649403-B606-11EF-B4EA-18F7786F96EE\TEST_WPF.EXE" "C:\Users\admin\AppData\Local\Temp\10494666606BFE114BAE817F87F669EE\setup.dll"
C:\Users\admin\AppData\Local\Temp\66649403-B606-11EF-B4EA-18F7786F96EE\TEST_WPF.EXE
kav21.3.10.391abcdefghijklen_26157.exe
User:
admin
Integrity Level:
HIGH
Description:
test_wpf
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\66649403-b606-11ef-b4ea-18f7786f96ee\test_wpf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
6676
"C:\Users\admin\AppData\Local\Temp\kav21.3.10.391abcdefghijklen_26157.exe" C:\Users\admin\AppData\Local\Temp\kav21.3.10.391abcdefghijklen_26157.exe
explorer.exe
User:
admin
Company:
Kaspersky
Integrity Level:
MEDIUM
Description:
Kaspersky Anti-Virus [21.3.10.391.0.2472.0 (a.b.c.d.e.f.g.h.i.j.k.l)]
Version:
21.3.10.391
Modules
Images
c:\users\admin\appdata\local\temp\kav21.3.10.391abcdefghijklen_26157.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\dbghelp.dll
Total events
12 144
Read events
11 978
Write events
157
Delete events
9

Modification events

(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb
(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_en.txt
(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_gdpr_en.txt
(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_gdpr_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_antispam_en.txt
(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_gdpr_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_antispam_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_en.txt
(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_gdpr_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_antispam_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_ep_en.txt
(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_gdpr_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_antispam_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_ep_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_marketing_en.txt
(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_gdpr_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_antispam_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_ep_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_marketing_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksde_eula_en.txt
(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_gdpr_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_antispam_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_ep_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_marketing_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksde_eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksde_eula_gdpr_en.txt
(PID) Process: (6676) kav21.3.10.391abcdefghijklen_26157.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KasperskyLabSetup\Setup21.3.10.391.0.2472.0
Operation: write
Name: TrashFiles
Value:
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0 C:\ProgramData\Kaspersky Lab Setup Files C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-bases-x64-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\index-kleaner-2.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\eula_gdpr_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_antispam_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_ep_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksn_marketing_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksde_eula_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksde_eula_gdpr_en.txt C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\ksde_ksn_en.txt
Executable files
4
Suspicious files
34
Text files
26
Unknown types
12

Dropped files

PID
Process
Filename
Type
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\Users\admin\AppData\Local\Temp\5D2B00F6-B606-11EF-B4EA-18F7786F96EE\kis-logo.png
image
MD5:18F81892DAA926FEC1D30324B4CD9367
SHA256:681A96B96B5E0425FC74BE929D29164528BF0BC0A84AC97952C011E407E23D9B
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\Users\admin\AppData\Local\Temp\5D2B00F6-B606-11EF-B4EA-18F7786F96EE\kis-loading.gif
image
MD5:69D4B9B309BFA6A87F7620647BAFD2D0
SHA256:F056164CF99799234C90E2318E90AB5D83D0FD855118224286FF0680EE455734
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\Users\admin\AppData\Local\Temp\5D2B00F6-B606-11EF-B4EA-18F7786F96EE\jquery.custom_select.min.js
binary
MD5:D2C620C462B75696EEA1FB22FB23602A
SHA256:DD678D32073078552E0E2C35EED78F16CC8D6E8662D4734518561A1B183F775C
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\Users\admin\AppData\Local\Temp\5D2B00F6-B606-11EF-B4EA-18F7786F96EE\kis-script-lte-ie8.js
txt
MD5:5134186180074C51639D7A514919ED23
SHA256:33E84B33FF911257E3A6A303C08A2CC178827DADB7DFD7C951E096866E02AD5E
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\Users\admin\AppData\Local\Temp\5D2B00F6-B606-11EF-B4EA-18F7786F96EE\welcome_page_kavkis.html
html
MD5:725363D5B886E02F1C5476F79590B577
SHA256:29F0688682087BC5262F8ABB97D0804A1FC8A7FF16685C24B6197E61CC1A6401
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\Users\admin\AppData\Local\Temp\5F00B2D5606BFE114BAE817F87F669EE\setup.dll
executable
MD5:53179D48DF3A37E67EFFE6E88A95371D
SHA256:47C734C75EB998A776480E6396613B4E910D19D2702AC3F888ABDBEAE2B6C927
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\Users\admin\AppData\Local\Temp\5D2B00F6-B606-11EF-B4EA-18F7786F96EE\jquery-1.12.4.min.js
s
MD5:4F252523D4AF0B478C810C2547A63E19
SHA256:668B046D12DB350CCBA6728890476B3EFEE53B2F42DBB84743E5E9F1AE0CC404
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb
binary
MD5:79A78149E4EF2E6E09CC061338C7B151
SHA256:E6C0DA20FC5D9EDA24E4128FAA5641F8B2D39951E0A0236C013E1F1EFCBF83FD
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\Users\admin\AppData\Local\Temp\kl-setup-2024-12-09-08-19-53_KAV.21.3.10.391.log
text
MD5:AF4EA175B83E1E4380DD44A0F5166AE2
SHA256:A22FB163483098C11F3B88B48BF5A512DBDBE31C9065F8402F0FE7F1C274E992
6676
kav21.3.10.391abcdefghijklen_26157.exe
C:\ProgramData\Kaspersky Lab Setup Files\KAV21.3.10.391.0.2472.0\kdscrl.rdb.z
compressed
MD5:B38C525BF8035459F80E6CEC7C40C78A
SHA256:3B7AC787237BA972C9C5C5480367EBE188B46FBD74DBCF130887719476AD68E8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
41
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6676
kav21.3.10.391abcdefghijklen_26157.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
3364
kav21.3.10.391abcdefghijklen_26157.exe
GET
301
77.74.177.233:80
http://redirect.kaspersky.com/slideshow_default
unknown
whitelisted
3364
kav21.3.10.391abcdefghijklen_26157.exe
GET
301
77.74.177.233:80
http://redirect.kaspersky.com/slideshow_default
unknown
whitelisted
6508
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
3364
kav21.3.10.391abcdefghijklen_26157.exe
GET
301
77.74.177.233:80
http://redirect.kaspersky.com/slideshow_default
unknown
whitelisted
6932
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1016
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4712
MoUsoCoreWorker.exe
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
4712
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5064
SearchApp.exe
2.23.209.161:443
www.bing.com
Akamai International B.V.
GB
whitelisted
4
System
192.168.100.255:138
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1176
svchost.exe
20.190.159.75:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.9
  • 2.16.164.106
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
google.com
  • 142.250.181.238
whitelisted
www.bing.com
  • 2.23.209.161
  • 2.23.209.160
  • 2.23.209.169
  • 2.23.209.168
  • 2.23.209.164
  • 2.23.209.162
  • 2.23.209.159
  • 2.23.209.166
  • 2.23.209.167
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.75
  • 40.126.31.67
  • 20.190.159.4
  • 20.190.159.73
  • 20.190.159.2
  • 40.126.31.69
  • 40.126.31.73
  • 20.190.159.23
whitelisted
go.microsoft.com
  • 23.32.186.57
whitelisted
dm.s.kaspersky-labs.com
  • 80.239.169.147
  • 109.248.196.5
  • 80.231.123.135
unknown
redirect.kaspersky.com
  • 77.74.177.233
whitelisted

Threats

No threats detected
No debug info