URL:

https://newsoftfiles.ru/v830.html

Full analysis: https://app.any.run/tasks/e358f95b-6a15-42fe-ac4c-2b27a0d61146
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: November 02, 2024, 13:54:55
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
arch-scr
arch-html
Indicators:
MD5:

E341F3CB1E0F37B9A9E9F5415EECE50D

SHA1:

F4EB279EEF21A706795360792995C59D7303982A

SHA256:

3A398C99F0CC8051844E8FBA70F7D4A1462D4A10C93C32C98E2994693254B9E6

SSDEEP:

3:N8oYRD0LAThQn:2oxLmQn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • lite_installer.exe (PID: 8172)
      • seederexe.exe (PID: 6888)

    • Steals credentials from Web Browsers

      • seederexe.exe (PID: 6888)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • YandexPackLoader.exe (PID: 7492)
      • lite_installer.exe (PID: 8172)

    • Executable content was dropped or overwritten

      • YandexPackLoader.exe (PID: 7492)
      • lite_installer.exe (PID: 8172)
      • Yandex.exe (PID: 8176)
      • YandexPackLoader.exe (PID: 8164)
      • YandexPackLoader.exe (PID: 696)
      • lite_installer.exe (PID: 6960)
      • lite_installer.exe (PID: 864)

    • Process drops legitimate windows executable

      • YandexPackLoader.exe (PID: 7492)
      • YandexPackLoader.exe (PID: 8164)
      • YandexPackLoader.exe (PID: 696)

    • Checks Windows Trust Settings

      • YandexPackLoader.exe (PID: 7492)
      • msiexec.exe (PID: 7488)

    • Application launched itself

      • YandexPackLoader.exe (PID: 7492)
      • YandexPackLoader.exe (PID: 8164)
      • YandexPackLoader.exe (PID: 696)

    • Starts a Microsoft application from unusual location

      • YandexPackSetup.exe (PID: 6264)
      • YandexPackSetup.exe (PID: 3108)
      • YandexPackSetup.exe (PID: 2140)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7488)

    • Reads Mozilla Firefox installation path

      • seederexe.exe (PID: 6888)

    • Starts itself from another location

      • Yandex.exe (PID: 8176)

    • Potential Corporate Privacy Violation

      • YandexPackLoader.exe (PID: 7492)
      • YandexPackLoader.exe (PID: 696)
      • lite_installer.exe (PID: 8172)
      • YandexPackLoader.exe (PID: 8164)
      • lite_installer.exe (PID: 6960)

  • INFO

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 1784)
      • msedge.exe (PID: 5584)
      • msiexec.exe (PID: 7488)
      • msiexec.exe (PID: 7584)
      • msiexec.exe (PID: 7328)
      • msiexec.exe (PID: 3076)

    • Checks supported languages

      • identity_helper.exe (PID: 8108)
      • YandexPackLoader.exe (PID: 7492)
      • YandexPackLoader.exe (PID: 7504)
      • YandexPackSetup.exe (PID: 6264)
      • msiexec.exe (PID: 7488)
      • msiexec.exe (PID: 7584)
      • lite_installer.exe (PID: 8172)
      • seederexe.exe (PID: 6888)

    • Application launched itself

      • msedge.exe (PID: 5584)

    • Reads the computer name

      • identity_helper.exe (PID: 8108)
      • YandexPackLoader.exe (PID: 7492)
      • YandexPackSetup.exe (PID: 6264)
      • msiexec.exe (PID: 7488)
      • msiexec.exe (PID: 7584)
      • lite_installer.exe (PID: 8172)
      • YandexPackLoader.exe (PID: 7504)
      • seederexe.exe (PID: 6888)

    • Reads Environment values

      • identity_helper.exe (PID: 8108)

    • The process uses the downloaded file

      • msedge.exe (PID: 7948)
      • msedge.exe (PID: 5584)
      • YandexPackLoader.exe (PID: 7492)

    • Create files in a temporary directory

      • YandexPackLoader.exe (PID: 7492)
      • YandexPackLoader.exe (PID: 7504)
      • YandexPackSetup.exe (PID: 6264)
      • msiexec.exe (PID: 7584)
      • lite_installer.exe (PID: 8172)
      • seederexe.exe (PID: 6888)

    • Checks proxy server information

      • YandexPackLoader.exe (PID: 7492)
      • lite_installer.exe (PID: 8172)

    • Creates files or folders in the user directory

      • YandexPackLoader.exe (PID: 7492)
      • msiexec.exe (PID: 7584)
      • lite_installer.exe (PID: 8172)
      • msiexec.exe (PID: 7488)
      • seederexe.exe (PID: 6888)

    • Reads the machine GUID from the registry

      • YandexPackLoader.exe (PID: 7492)
      • msiexec.exe (PID: 7488)
      • seederexe.exe (PID: 6888)

    • Reads the software policy settings

      • YandexPackLoader.exe (PID: 7492)
      • msiexec.exe (PID: 7488)

    • Process checks computer location settings

      • YandexPackLoader.exe (PID: 7492)
      • msiexec.exe (PID: 7584)

    • Sends debugging messages

      • YandexPackSetup.exe (PID: 6264)
      • msiexec.exe (PID: 7584)
      • YandexPackLoader.exe (PID: 7504)

    • Manual execution by a user

      • {04465C67-E303-41F5-B992-D4C1ACF38CD9}.exe (PID: 7904)
      • {F5D703CE-E61C-4BBF-B5BE-B4971ECDA471}.exe (PID: 7492)
      • {CE4AF18E-CDE4-46F2-986D-51A112639F2C}.exe (PID: 616)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
185
Monitored processes
58
Malicious processes
7
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs yandexpackloader.exe yandexpacksetup.exe yandexpackloader.exe msiexec.exe msiexec.exe lite_installer.exe seederexe.exe {04465c67-e303-41f5-b992-d4c1acf38cd9}.exe yandex.exe explorer.exe no specs sender.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs yandexpackloader.exe yandexpackloader.exe yandexpacksetup.exe yandexpackloader.exe msiexec.exe lite_installer.exe seederexe.exe yandex.exe no specs sender.exe {f5d703ce-e61c-4bbf-b5be-b4971ecda471}.exe no specs yandexpacksetup.exe no specs yandexpackloader.exe no specs msiexec.exe lite_installer.exe seederexe.exe no specs yandex.exe no specs sender.exe no specs msedge.exe no specs {ce4af18e-cde4-46f2-986d-51a112639f2c}.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
616"C:\Users\admin\AppData\Local\Temp\{CE4AF18E-CDE4-46F2-986D-51A112639F2C}.exe" --job-name=yBrowserDownloader-{648397C8-5FC2-4B71-B094-5D0B567D05D7} --send-statistics --local-path=C:\Users\admin\AppData\Local\Temp\{CE4AF18E-CDE4-46F2-986D-51A112639F2C}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=9183405-830&ui=d69b60c0-B1BD-4F85-A3C6-33B5D7BAcbb7 --use-user-default-localeC:\Users\admin\AppData\Local\Temp\{CE4AF18E-CDE4-46F2-986D-51A112639F2C}.exeexplorer.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
MEDIUM
Description:
Yandex
Exit code:
600
Version:
24.10.1.599
696"C:\Users\admin\Downloads\YandexPackLoader.exe" C:\Users\admin\Downloads\YandexPackLoader.exe
msedge.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup Downloader
Exit code:
0
Version:
0.1.0.33
Modules
Images
c:\users\admin\downloads\yandexpackloader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
864"C:\Users\admin\AppData\Local\Temp\506E84C4-BF92-498E-8247-61C544E19A0B\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSERC:\Users\admin\AppData\Local\Temp\506E84C4-BF92-498E-8247-61C544E19A0B\lite_installer.exe
msiexec.exe
User:
admin
Company:
Yandex
Integrity Level:
MEDIUM
Description:
YandexBrowserDownloader
Exit code:
0
Version:
1.0.1.9
1784"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2488 --field-trial-handle=2364,i,2735827364636159037,18387828462425182864,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1792"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2368 --field-trial-handle=2364,i,2735827364636159037,18387828462425182864,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2140"C:\Users\admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /passive /msicl "VID=830 YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y "C:\Users\admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exeYandexPackLoader.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Software Installer
Exit code:
0
Version:
3.0.5419.0
2312C:\Users\admin\AppData\Local\Temp\800F5E2D-8813-46DF-9088-0FF7367ACEB9\sender.exe --send "/status.xml?clid=9183476-830&uuid=d69b60c0-B1BD-4F85-A3C6-33B5D7BAcbb7&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A40%0A42%0A45%0A58%0A59%0A89%0A103%0A111%0A123%0A124%0A125%0A129%0A"C:\Users\admin\AppData\Local\Temp\800F5E2D-8813-46DF-9088-0FF7367ACEB9\sender.exe
seederexe.exe
User:
admin
Company:
Yandex
Integrity Level:
MEDIUM
Description:
Yandex Statistics
Exit code:
0
Version:
0.0.2.14
Modules
Images
c:\users\admin\appdata\local\temp\800f5e2d-8813-46df-9088-0ff7367aceb9\sender.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2632"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7060 --field-trial-handle=2364,i,2735827364636159037,18387828462425182864,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2816C:\Users\admin\Downloads\YandexPackLoader.exe --stat dwnldr/p=635487/cnt=1/dt=6/ct=1/rt=0 --dh 2244 --st 1730555753C:\Users\admin\Downloads\YandexPackLoader.exeYandexPackLoader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup Downloader
Exit code:
0
Version:
0.1.0.33
3076C:\Windows\syswow64\MsiExec.exe -Embedding FD5694F39E1E5AB0467717CC77D7632FC:\Windows\SysWOW64\msiexec.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Total events
35 786
Read events
35 593
Write events
162
Delete events
31

Modification events

(PID) Process:(5584) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(5584) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(5584) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(5584) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(5584) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
078C5DAE84842F00
(PID) Process:(5584) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
424868AE84842F00
(PID) Process:(5584) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262724
Operation:writeName:WindowTabManagerFileMappingId
Value:
{4FDCA4BE-C064-4B3B-9052-584D3A8546A5}
(PID) Process:(5584) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262724
Operation:writeName:WindowTabManagerFileMappingId
Value:
{2B331052-BD87-403B-8EE1-F3BF9630A4A0}
(PID) Process:(5584) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
2A76A1AE84842F00
(PID) Process:(5584) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
Value:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
Executable files
59
Suspicious files
220
Text files
292
Unknown types
9

Dropped files

PID
Process
Filename
Type
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF8be28.TMP
MD5:
SHA256:
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF8be57.TMP
MD5:
SHA256:
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF8be57.TMP
MD5:
SHA256:
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF8be57.TMP
MD5:
SHA256:
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF8be86.TMP
MD5:
SHA256:
5584msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
50
TCP/UDP connections
91
DNS requests
68
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.32.185.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.32.185.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.32.185.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1552
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5584
msedge.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
5584
msedge.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDHkE0y50%2FEcrZsCKOA%3D%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4360
SearchApp.exe
2.23.209.182:443
www.bing.com
Akamai International B.V.
GB
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
23.32.185.131:80
www.microsoft.com
AKAMAI-AS
BR
whitelisted
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
1784
msedge.exe
52.123.243.197:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1784
msedge.exe
13.107.246.45:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1784
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.23.209.182
  • 2.23.209.133
  • 2.23.209.140
  • 2.23.209.176
  • 2.23.209.179
  • 2.23.209.150
  • 2.23.209.158
  • 2.23.209.177
  • 2.23.209.149
  • 2.23.209.189
  • 2.23.209.185
  • 2.23.209.193
  • 2.23.209.187
  • 2.23.209.130
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.9
  • 2.16.164.107
  • 2.16.164.40
  • 2.16.164.82
  • 2.16.164.114
  • 2.16.164.17
  • 2.16.164.128
  • 2.16.164.81
whitelisted
www.microsoft.com
  • 23.32.185.131
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
whitelisted
config.edge.skype.com
  • 52.123.243.197
  • 52.123.243.198
  • 52.123.243.80
  • 52.123.243.77
whitelisted
newsoftfiles.ru
  • 45.82.176.183
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

PID
Process
Class
Message
7492
YandexPackLoader.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
8172
lite_installer.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
8172
lite_installer.exe
Misc activity
ET INFO EXE - Served Attached HTTP
8164
YandexPackLoader.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
696
YandexPackLoader.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
6960
lite_installer.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
6960
lite_installer.exe
Misc activity
ET INFO EXE - Served Attached HTTP
696
YandexPackLoader.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Attached HTTP
Process
Message
YandexPackSetup.exe
IsAlreadyRun() Out : ret (BOOL) = 0
YandexPackSetup.exe
IsAlreadyRun() In
YandexPackSetup.exe
IsMSISrvFree() : OpenMutex() err ret = 2
YandexPackSetup.exe
IsMSISrvFree() In
YandexPackSetup.exe
IsMSISrvFree() Out ret = 1
YandexPackSetup.exe
GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 1
YandexPackSetup.exe
GetSidFromEnumSess(): LsaGetLogonSessionData(0) err = 5
YandexPackSetup.exe
GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1693682860-607145093-2874071422-1001
YandexPackSetup.exe
GetSidFromEnumSess(): ProfileImagePath(1) = C:\Users\admin
YandexPackSetup.exe
GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1693682860-607145093-2874071422-1001
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://newsoftfiles.ru/v830.html